Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-03-15 CVE-2018-8715 Improper Authentication vulnerability in Embedthis Appweb
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c.
network | high complexity | embedthis | CWE-287 | 8.1

2018-03-14 CVE-2018-8710 Improper Authentication vulnerability in Woocommerce-Filter Woocommerce products Filter
A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action.
network | low complexity | woocommerce-filter | CWE-287 | critical 9.8

2018-03-14 CVE-2018-6328 Improper Authentication vulnerability in Kaseya Unitrends Backup
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
network | low complexity | kaseya | CWE-287 | critical 9.8

2018-03-14 CVE-2018-0886 Improper Authentication vulnerability in Microsoft products
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows a remote code execution vulnerability due to how CredSSP validates requests during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".
local | high complexity | microsoft | CWE-287 | 7.0

2018-03-14 CVE-2018-8096 Improper Authentication vulnerability in Datalust SEQ
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.
network | low complexity | datalust | CWE-287 | critical 9.8

2018-03-13 CVE-2018-7750 Improper Authentication vulnerability in multiple products
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open.
network | low complexity | paramiko, redhat, debian | CWE-287 | critical 9.8

2018-03-13 CVE-2018-6299 Improper Authentication vulnerability in Hanwha-Security Snh-V6410Pn Firmware and Snh-V6410Pnw Firmware
Authentication bypass in Hanwha Techwin Smartcams
network | low complexity | hanwha-security | CWE-287 | critical 9.8

2018-03-13 CVE-2018-6294 Improper Authentication vulnerability in Hanwha-Security Snh-V6410Pn Firmware and Snh-V6410Pnw Firmware
Unsecured way of firmware update in Hanwha Techwin Smartcams
network | low complexity | hanwha-security | CWE-287 | critical 9.8

2018-03-12 CVE-2018-7749 Improper Authentication vulnerability in Asyncssh Project Asyncssh
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests.
network | low complexity | asyncssh-project | CWE-287 | critical 9.8

2018-03-11 CVE-2018-7213 Improper Authentication vulnerability in Abine Blur 7.8.2424
The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured.
network | low complexity | abine | CWE-287 | critical 9.8