Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-10-17 CVE-2018-7076 Improper Authentication vulnerability in HP Intelligent Management Center
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.
network
low complexity
hp CWE-287
critical
9.8
2018-10-17 CVE-2018-10933 Improper Authentication vulnerability in multiple products
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4.
network
low complexity
libssh canonical debian redhat netapp oracle CWE-287
critical
9.1
2018-10-16 CVE-2018-18389 Improper Authentication vulnerability in Neo4J
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
network
low complexity
neo4j CWE-287
critical
9.8
2018-10-15 CVE-2018-17534 Improper Authentication vulnerability in Teltonika Rut900 Firmware, Rut950 Firmware and Rut955 Firmware
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control.
low complexity
teltonika CWE-287
6.8
2018-10-11 CVE-2018-1738 Improper Authentication vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms.
network
low complexity
ibm CWE-287
7.1
2018-10-10 CVE-2018-18061 Improper Authentication vulnerability in Tecrail Responsive Filemanager 9.8.1
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1.
network
low complexity
tecrail CWE-287
7.5
2018-10-10 CVE-2018-16738 Improper Authentication vulnerability in multiple products
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation.
network
high complexity
tinc-vpn debian starwindsoftware CWE-287
3.7
2018-10-10 CVE-2018-16737 Improper Authentication vulnerability in multiple products
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
network
low complexity
tinc-vpn starwindsoftware CWE-287
5.3
2018-10-10 CVE-2018-12455 Improper Authentication vulnerability in Intelbras Nplug Firmware 1.0.0.14
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
network
high complexity
intelbras CWE-287
8.1
2018-10-10 CVE-2018-0053 Improper Authentication vulnerability in Juniper Junos 15.1X49
An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up.
low complexity
juniper CWE-287
6.8