Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-03-30 CVE-2018-9148 Improper Authentication vulnerability in Westerndigital MY Cloud Firmware 04.05.00320
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory.
network
low complexity
westerndigital CWE-287
critical
9.8
2018-03-30 CVE-2017-14911 Improper Authentication vulnerability in Qualcomm products
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config.
network
low complexity
qualcomm CWE-287
critical
9.8
2018-03-29 CVE-2018-4841 Improper Authentication vulnerability in Siemens TIM 1531 IRC Firmware
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1).
network
low complexity
siemens CWE-287
critical
9.8
2018-03-28 CVE-2018-0195 Improper Authentication vulnerability in Cisco IOS XE
A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device.
network
low complexity
cisco CWE-287
8.8
2018-03-28 CVE-2018-0163 Improper Authentication vulnerability in Cisco IOS
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port.
low complexity
cisco CWE-287
6.5
2018-03-28 CVE-2018-5451 Improper Authentication vulnerability in Philips Alice 6 Firmware R8.0.2
In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
network
low complexity
philips CWE-287
critical
9.8
2018-03-27 CVE-2018-9105 Improper Authentication vulnerability in Nordvpn 3.3.10
NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability.
network
low complexity
nordvpn CWE-287
8.8
2018-03-27 CVE-2018-1237 Improper Authentication vulnerability in Dell EMC Scaleio
Dell EMC ScaleIO versions prior to 2.5 contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA).
network
low complexity
dell CWE-287
critical
9.8
2018-03-27 CVE-2015-4987 Improper Authentication vulnerability in IBM Tealeaf Customer Experience
The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors.
network
low complexity
ibm CWE-287
6.5
2018-03-27 CVE-2018-9032 Improper Authentication vulnerability in Dlink Dir-850L Firmware
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version: A1, B1; Firmware Version: 1.02-2.06) devices potentially allows attackers to bypass the SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
network
low complexity
dlink CWE-287
critical
9.8