Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-27 | CVE-2017-9316 | Improper Authentication vulnerability in Dahuasecurity products Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. | 6.5 |
| 2017-11-27 | CVE-2017-0910 | Improper Authentication vulnerability in Zulip Server In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. | 8.8 |
| 2017-11-27 | CVE-2017-8028 | Improper Authentication vulnerability in multiple products In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. | 8.1 |
| 2017-11-22 | CVE-2017-8214 | Improper Authentication vulnerability in Huawei products Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. | 6.2 |
| 2017-11-22 | CVE-2017-8195 | Improper Authentication vulnerability in Huawei Fusionsphere Openstack V100R006C00Spc102(Nfv) The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. | 8.8 |
| 2017-11-22 | CVE-2017-8194 | Improper Authentication vulnerability in Huawei Fusionsphere Openstack V100R006C00Spc102(Nfv) The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. | 8.8 |
| 2017-11-22 | CVE-2017-8151 | Improper Authentication vulnerability in Huawei Honor 5S Firmware Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. | 6.8 |
| 2017-11-22 | CVE-2017-2738 | Improper Authentication vulnerability in Huawei Vcm5010 Firmware V100R001C10B010 VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. | 9.8 |
| 2017-11-22 | CVE-2017-2721 | Improper Authentication vulnerability in Huawei products Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. | 4.6 |
| 2017-11-22 | CVE-2017-8861 | Improper Authentication vulnerability in Cohuhd 3960Hd Firmware Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets. | 9.8 |