Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-0670 | Improper Authentication vulnerability in MNC Inplc-Rt 3.08 INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. | 9.8 |
| 2019-01-09 | CVE-2018-0669 | Improper Authentication vulnerability in MNC Inplc-Rt 3.08 INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. | 9.8 |
| 2019-01-09 | CVE-2018-20675 | Improper Authentication vulnerability in Dlink products D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | 9.8 |
| 2019-01-08 | CVE-2019-0622 | Improper Authentication vulnerability in Microsoft Skype 8.35 An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35. | 4.6 |
| 2019-01-08 | CVE-2019-0543 | Improper Authentication vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
| 2019-01-03 | CVE-2018-19249 | Improper Authentication vulnerability in Stripe API 1.0 The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction. | 7.5 |
| 2019-01-03 | CVE-2018-19505 | Improper Authentication vulnerability in BMC Remedy Action Request System Server 7.1 Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | 6.5 |
| 2018-12-31 | CVE-2018-19937 | Improper Authentication vulnerability in Videolan VLC for Mobile A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | 6.6 |
| 2018-12-26 | CVE-2018-19616 | Improper Authentication vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. | 8.1 |
| 2018-12-26 | CVE-2018-17957 | Improper Authentication vulnerability in Suse Repository Mirroring Tool 1.0/1.1.0 The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database. | 7.8 |