Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-7358 | Improper Authentication vulnerability in ZTE Zxhn H168N Firmware ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. | 8.8 |
| 2018-11-14 | CVE-2018-3696 | Improper Authentication vulnerability in Intel Raid web Console 3 Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. | 5.5 |
| 2018-11-13 | CVE-2018-2483 | Improper Authentication vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. | 4.3 |
| 2018-11-13 | CVE-2018-7910 | Improper Authentication vulnerability in Huawei products Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. | 6.8 |
| 2018-11-07 | CVE-2018-19076 | Improper Authentication vulnerability in multiple products An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. | 9.8 |
| 2018-11-02 | CVE-2018-17918 | Improper Authentication vulnerability in Circontrol Circarlife Firmware 4.3 Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | 9.8 |
| 2018-11-01 | CVE-2018-6908 | Improper Authentication vulnerability in Rainmachine Mini-8 Firmware and Touch HD 12 Firmware An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. | 9.8 |
| 2018-11-01 | CVE-2018-6011 | Improper Authentication vulnerability in Rainmachine Mini-8 Firmware The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. | 8.1 |
| 2018-11-01 | CVE-2018-18891 | Improper Authentication vulnerability in 1234N Minicms 1.10 MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. | 7.5 |
| 2018-10-30 | CVE-2018-16467 | Improper Authentication vulnerability in Nextcloud Server A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. | 5.3 |