Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-02 | CVE-2017-6049 | Improper Authentication vulnerability in 3M Detcon Sitewatch Gateway Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. | 7.5 |
| 2019-04-01 | CVE-2017-8023 | Improper Authentication vulnerability in Dell EMC Networker EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. | 9.8 |
| 2019-04-01 | CVE-2019-5890 | Improper Authentication vulnerability in Overit Geocall 6.3 An issue was discovered in OverIT Geocall 6.3 before build 2:346977. | 8.8 |
| 2019-03-30 | CVE-2019-10661 | Improper Authentication vulnerability in Grandstream Gxv3611Ir HD Firmware On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 9.8 |
| 2019-03-29 | CVE-2019-6481 | Improper Authentication vulnerability in Abine Blur 7.8.2431 Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component. | 7.5 |
| 2019-03-29 | CVE-2017-18106 | Improper Authentication vulnerability in Atlassian Crowd The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash. | 7.5 |
| 2019-03-28 | CVE-2019-1759 | Improper Authentication vulnerability in Cisco IOS XE A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. | 5.3 |
| 2019-03-28 | CVE-2019-1758 | Improper Authentication vulnerability in Cisco IOS A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. | 4.3 |
| 2019-03-27 | CVE-2018-12551 | Improper Authentication vulnerability in Eclipse Mosquitto When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. | 8.1 |
| 2019-03-26 | CVE-2019-3878 | Improper Authentication vulnerability in multiple products A vulnerability was found in mod_auth_mellon before v0.14.2. | 8.1 |