Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-08-24 CVE-2017-9819 Improper Authentication vulnerability in Npci Bharat Interface for Money (Bhim) 1.3
The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.
Risk: network; low complexity; npci; CWE-287; critical; 9.8

2018-08-23 CVE-2018-14786 Improper Authentication vulnerability in BD products
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.
Risk: network; low complexity; bd; CWE-287; critical; 9.4

2018-08-23 CVE-2018-1999045 Improper Authentication vulnerability in Jenkins
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
Risk: network; low complexity; jenkins; CWE-287; 5.4

2018-08-23 CVE-2017-16348 Improper Authentication vulnerability in Insteon HUB Firmware 1012
An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012.
Risk: network; low complexity; insteon; CWE-287; 7.5

2018-08-21 CVE-2018-15667 Improper Authentication vulnerability in Airmailapp Airmail 3.3.5.9
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS.
Risk: network; low complexity; airmailapp; CWE-287; 7.5

2018-08-21 CVE-2018-15598 Improper Authentication vulnerability in Traefik
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
Risk: network; low complexity; traefik; CWE-287; 7.5

2018-08-20 CVE-2017-16748 Improper Authentication vulnerability in Tridium Niagara and Niagara AX Framework
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
Risk: network; low complexity; tridium; CWE-287; critical; 9.8

2018-08-20 CVE-2018-14078 Improper Authentication vulnerability in Wi2Be Smart HP WMT R1.2.20201400922
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack).
Risk: network; low complexity; wi2be; CWE-287; critical; 9.8

2018-08-16 CVE-2018-13446 Improper Authentication vulnerability in Linecorp Line 8.8.1
An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android.
Risk: local; high complexity; linecorp; CWE-287; 7.0

2018-08-16 CVE-2018-13435 Improper Authentication vulnerability in Linecorp Line 8.8.0
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS.
Risk: local; high complexity; linecorp; CWE-287; 7.0