Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2017-12-07 | CVE-2017-17430 | Improper Authentication vulnerability in Sangoma Netborder/Vega Session Firmware 2.3.1178Ga | Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | network; low complexity; sangoma CWE-287; critical 9.8 |
| 2017-12-07 | CVE-2017-17435 | Improper Authentication vulnerability in Vaulteksafe Vt20I Firmware | An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. | low complexity; vaulteksafe CWE-287; 8.8 |
| 2017-12-05 | CVE-2017-14018 | Improper Authentication vulnerability in Ethicon Endo-Surgery Generator Gen11 Firmware | An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. | high complexity; ethicon CWE-287; 4.8 |
| 2017-12-01 | CVE-2017-16953 | Improper Authentication vulnerability in ZTE Zxdsl 831Cii Firmware | connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | network; low complexity; zte CWE-287; 7.5 |
| 2017-12-01 | CVE-2017-10903 | Improper Authentication vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012 | Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. | network; low complexity; princeton CWE-287; critical 9.8 |
| 2017-11-29 | CVE-2017-14377 | Improper Authentication vulnerability in RSA Authentication Agent for web 8.0/8.0.1 | EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass. | network; low complexity; rsa CWE-287; critical 9.8 |
| 2017-11-29 | CVE-2017-13872 | Improper Authentication vulnerability in Apple mac OS X 10.13.0/10.13.1 | An issue was discovered in certain Apple products. | network; high complexity; apple CWE-287; 8.1 |
| 2017-11-27 | CVE-2017-9316 | Improper Authentication vulnerability in Dahuasecurity products | Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. | network; high complexity; dahuasecurity CWE-287; 6.5 |
| 2017-11-27 | CVE-2017-0910 | Improper Authentication vulnerability in Zulip Server | In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. | network; low complexity; zulip CWE-287; 8.8 |
| 2017-11-27 | CVE-2017-8028 | Improper Authentication vulnerability in multiple products | In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. | network; high complexity; pivotal-software debian CWE-287; 8.1 |