Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-18 | CVE-2016-10434 | Improper Authentication vulnerability in Qualcomm SD 820 Firmware and SD 820A Firmware In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. | 7.5 |
| 2018-04-17 | CVE-2017-2871 | Improper Authentication vulnerability in Foscam C1 Firmware 2.52.2.43 Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. | 8.8 |
| 2018-04-13 | CVE-2018-6547 | Improper Authentication vulnerability in Plays.Tv plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. | 9.1 |
| 2018-04-13 | CVE-2018-6546 | Improper Authentication vulnerability in Plays.Tv plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. | 9.8 |
| 2018-04-13 | CVE-2017-0356 | Improper Authentication vulnerability in multiple products A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. | 9.8 |
| 2018-04-13 | CVE-2016-9646 | Improper Authentication vulnerability in multiple products ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. | 5.3 |
| 2018-04-10 | CVE-2014-3999 | Improper Authentication vulnerability in Horde Ldap The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. | 8.1 |
| 2018-04-05 | CVE-2016-8380 | Improper Authentication vulnerability in Phoenixcontact ILC Plcs Firmware The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. | 7.3 |
| 2018-04-05 | CVE-2016-8371 | Improper Authentication vulnerability in Phoenixcontact ILC Plcs Firmware The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. | 7.3 |
| 2018-04-04 | CVE-2018-1082 | Improper Authentication vulnerability in Moodle A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. | 8.1 |