Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-08-29 CVE-2018-7791 Improper Authentication vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0).
network
low complexity
schneider-electric CWE-287
critical
9.8
2018-08-29 CVE-2018-14805 Improper Authentication vulnerability in Hitachienergy Esoms 6.0.2
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present.
network
low complexity
hitachienergy CWE-287
critical
9.8
2018-08-29 CVE-2018-15727 Improper Authentication vulnerability in multiple products
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
network
low complexity
grafana redhat CWE-287
critical
9.8
2018-08-24 CVE-2017-9820 Improper Authentication vulnerability in Npci Bharat Interface for Money (Bhim) 1.3
The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.
network
low complexity
npci CWE-287
critical
9.8
2018-08-24 CVE-2017-9819 Improper Authentication vulnerability in Npci Bharat Interface for Money (Bhim) 1.3
The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.
network
low complexity
npci CWE-287
critical
9.8
2018-08-23 CVE-2018-14786 Improper Authentication vulnerability in BD products
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.
network
low complexity
bd CWE-287
critical
9.4
2018-08-23 CVE-2018-1999045 Improper Authentication vulnerability in Jenkins
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
network
low complexity
jenkins CWE-287
5.4
2018-08-23 CVE-2017-16348 Improper Authentication vulnerability in Insteon HUB Firmware 1012
An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012.
network
low complexity
insteon CWE-287
7.5
2018-08-21 CVE-2018-15667 Improper Authentication vulnerability in Airmailapp Airmail 3.3.5.9
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS.
network
low complexity
airmailapp CWE-287
7.5
2018-08-21 CVE-2018-15598 Improper Authentication vulnerability in Traefik
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
network
low complexity
traefik CWE-287
7.5