Vulnerabilities > Improper Authentication

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-09-12 | CVE-2017-1520 | Improper Authentication vulnerability in IBM DB2 and DB2 Connect | IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. | network | high complexity | ibm | CWE-287 | 3.7 |
| 2017-09-12 | CVE-2017-14337 | Improper Authentication vulnerability in Misp-Project Misp | When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. | network | high complexity | misp-project | CWE-287 | 8.1 |
| 2017-09-12 | CVE-2014-9624 | Improper Authentication vulnerability in Mantisbt | CAPTCHA bypass vulnerability in MantisBT before 1.2.19. | network | low complexity | mantisbt | CWE-287 | 7.5 |
| 2017-09-11 | CVE-2017-7650 | Improper Authentication vulnerability in multiple products | In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. | network | low complexity | eclipse, debian | CWE-287 | 6.5 |
| 2017-09-11 | CVE-2017-7649 | Improper Authentication vulnerability in Eclipse Kura | The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. | network | low complexity | eclipse | CWE-287 | critical 9.8 |
| 2017-09-07 | CVE-2017-12213 | Improper Authentication vulnerability in Cisco IOS XE | A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. | | low complexity | cisco | CWE-287 | 4.3 |
| 2017-09-07 | CVE-2017-14147 | Improper Authentication vulnerability in Fiberhome Adsl An1020-25 Firmware | An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. | network | low complexity | fiberhome | CWE-287 | critical 9.8 |
| 2017-09-07 | CVE-2015-3442 | Improper Authentication vulnerability in Soreco Xpert.Line 3.0 | Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | network | low complexity | soreco | CWE-287 | critical 9.8 |
| 2017-09-03 | CVE-2017-14117 | Improper Authentication vulnerability in ATT U-Verse Firmware 9.2.2H0D83 | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | network | high complexity | att | CWE-287 | 5.9 |
| 2017-09-01 | CVE-2015-7746 | Improper Authentication vulnerability in Netapp Data Ontap | NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | network | low complexity | netapp | CWE-287 | critical 9.8 |