Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-08-01 CVE-2016-8609 Improper Authentication vulnerability in Redhat Keycloak
It was found that Keycloak before 2.3.0 did not implement the authentication flow correctly.
network
low complexity
redhat CWE-287
8.1
2018-07-31 CVE-2018-10603 Improper Authentication vulnerability in Martem Telem-Gw6 Firmware and Telem-Gwm Firmware
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node to remotely control the industrial process.
network
low complexity
martem CWE-287
critical
9.8
2018-07-31 CVE-2018-7947 Improper Authentication vulnerability in Huawei Emily-Al00A Firmware
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability.
low complexity
huawei CWE-287
3.9
2018-07-31 CVE-2018-1638 Improper Authentication vulnerability in IBM API Connect
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios.
network
high complexity
ibm CWE-287
8.1
2018-07-30 CVE-2018-10847 Improper Authentication vulnerability in Prosody
Prosody before versions 0.10.2 and 0.9.14 is vulnerable to an authentication bypass.
network
low complexity
prosody CWE-287
8.8
2018-07-27 CVE-2017-2652 Improper Authentication vulnerability in Jenkins Distributed Fork
It was found that the Distributed Fork plugin for Jenkins, up to and including 1.5.0, which provides the dist-fork CLI command, performed no permission checks beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.
network
low complexity
jenkins CWE-287
8.8
2018-07-27 CVE-2018-6686 Improper Authentication vulnerability in Mcafee Drive Encryption
Authentication bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via a specific set of circumstances.
low complexity
mcafee CWE-287
6.6
2018-07-26 CVE-2017-12610 Improper Authentication vulnerability in Apache Kafka
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
network
high complexity
apache CWE-287
6.8
2018-07-25 CVE-2018-11491 Improper Authentication vulnerability in Asus Hg100 Firmware 1.05.12
ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.
network
low complexity
asus CWE-287
critical
9.8
2018-07-24 CVE-2018-8859 Improper Authentication vulnerability in Echelon products
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions.
network
low complexity
echelon CWE-287
critical
9.8