Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-19 | CVE-2015-6926 | Improper Authentication vulnerability in Oxid-Esales Eshop The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token. | 7.5 |
| 2018-01-15 | CVE-2018-5328 | Improper Authentication vulnerability in Beims Contractorweb.Net 5.18.0.0 ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details. | 9.8 |
| 2018-01-12 | CVE-2014-6436 | Improper Authentication vulnerability in Aztech products Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | 9.8 |
| 2018-01-12 | CVE-2014-6435 | Improper Authentication vulnerability in Aztech products cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. | 7.5 |
| 2018-01-10 | CVE-2018-0008 | Improper Authentication vulnerability in Juniper Junos An unauthenticated root login may allow upon reboot when a commit script is used. | 6.2 |
| 2018-01-10 | CVE-2017-3765 | Improper Authentication vulnerability in Lenovo Enterprise Network Operating System 8.4.0.0 In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. | 7.0 |
| 2018-01-09 | CVE-2017-12695 | Improper Authentication vulnerability in GM Shanghai Onstar 7.1 An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. | 8.8 |
| 2018-01-08 | CVE-2017-15883 | Improper Authentication vulnerability in Progress Sitefinity Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. | 9.8 |
| 2018-01-08 | CVE-2018-3815 | Improper Authentication vulnerability in Stalker Communigate PRO 6.2 The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. | 5.7 |
| 2018-01-05 | CVE-2017-15548 | Improper Authentication vulnerability in EMC products An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. | 9.8 |