Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-08 | CVE-2019-0543 | Improper Authentication vulnerability in Microsoft products: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
2019-01-03 | CVE-2018-19249 | Improper Authentication vulnerability in Stripe API 1.0: The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction. | 7.5 |
2019-01-03 | CVE-2018-19505 | Improper Authentication vulnerability in BMC Remedy Action Request System Server 7.1: Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | 6.5 |
2018-12-31 | CVE-2018-19937 | Improper Authentication vulnerability in Videolan VLC for Mobile: A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | 6.6 |
2018-12-26 | CVE-2018-19616 | Improper Authentication vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb: An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. | 8.1 |
2018-12-26 | CVE-2018-17957 | Improper Authentication vulnerability in Suse Repository Mirroring Tool 1.0/1.1.0: The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database. | 7.8 |
2018-12-24 | CVE-2018-20422 | Improper Authentication vulnerability in Comsenz Discuzx X3.4: Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed). | 8.1 |
2018-12-21 | CVE-2018-20342 | Improper Authentication vulnerability in Floureon Sp012: The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. | 6.8 |
2018-12-20 | CVE-2018-15721 | Improper Authentication vulnerability in Logitech Harmony HUB Firmware: The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. | 9.8 |
2018-12-20 | CVE-2018-1000875 | Improper Authentication vulnerability in Berkeley Open Infrastructure for Network Computing 1.0.0/1.0.1/1.0.2: Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. | 9.8 |