Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-10-30 CVE-2018-16465 Improper Authentication vulnerability in Nextcloud Server
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load.
network
high complexity
nextcloud CWE-287
5.3
2018-10-30 CVE-2018-16464 Improper Authentication vulnerability in Nextcloud Server
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password-protected link shares when the owner had changed the password.
network
low complexity
nextcloud CWE-287
5.7
2018-10-29 CVE-2016-10732 Improper Authentication vulnerability in Projectsend 582
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
network
low complexity
projectsend CWE-287
critical
9.8
2018-10-24 CVE-2018-17923 Improper Authentication vulnerability in Sagaradio Saga1-L8B Firmware
SAGA1-L8B with any firmware version prior to A0.10 is vulnerable to an attack in which an attacker with physical access to the product may be able to reprogram it.
high complexity
sagaradio CWE-287
6.9
2018-10-24 CVE-2018-15751 Improper Authentication vulnerability in Saltstack Salt
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
network
low complexity
saltstack CWE-287
critical
9.8
2018-10-24 CVE-2018-18014 Improper Authentication vulnerability in Citrix Xenmobile Server
Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001.
local
low complexity
citrix CWE-287
7.8
2018-10-19 CVE-2018-12667 Improper Authentication vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session.
network
low complexity
sv3c CWE-287
critical
9.8
2018-10-19 CVE-2018-12666 Improper Authentication vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identify users only by the authentication level sent in the cookies, which allows remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.
network
low complexity
sv3c CWE-287
critical
9.8
2018-10-18 CVE-2018-1822 Improper Authentication vulnerability in IBM Flashsystem 840 Firmware and Flashsystem 900 Firmware
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password.
network
low complexity
ibm CWE-287
critical
9.8
2018-10-17 CVE-2018-7989 Improper Authentication vulnerability in Huawei Mate 10 PRO Firmware
Huawei Mate 10 Pro smartphones with versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability.
low complexity
huawei CWE-287
4.6