Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-26 | CVE-2017-15534 | Improper Authentication vulnerability in Symantec Norton APP Lock: The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. | 6.7 |
2018-03-26 | CVE-2018-1312 | Improper Authentication vulnerability in multiple products: In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. | 9.8 |
2018-03-22 | CVE-2018-7532 | Improper Authentication vulnerability in Geutebrueck G-Cam/Efd-2250 Firmware and Topfd-2125 Firmware: Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. | 9.8 |
2018-03-22 | CVE-2017-16242 | Improper Authentication vulnerability in Meco USB Memory Stick With Fingerprint Firmware: An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. | 6.8 |
2018-03-22 | CVE-2017-17743 | Improper Authentication vulnerability in Ucopia Wireless Appliance Firmware 5.0/5.1/5.1.0: Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. | 6.7 |
2018-03-16 | CVE-2016-9880 | Improper Authentication vulnerability in Pivotal Software Gemfire for Pivotal Cloud Foundry 1.7.0: The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker. | 9.8 |
2018-03-15 | CVE-2018-8715 | Improper Authentication vulnerability in Embedthis Appweb: The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. | 8.1 |
2018-03-14 | CVE-2018-8710 | Improper Authentication vulnerability in Woocommerce-Filter Woocommerce products Filter: A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. | 9.8 |
2018-03-14 | CVE-2018-6328 | Improper Authentication vulnerability in Kaseya Unitrends Backup: It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes. | 9.8 |
2018-03-14 | CVE-2018-0886 | Improper Authentication vulnerability in Microsoft products: The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates requests during the authentication process, aka "CredSSP Remote Code Execution Vulnerability". | 7.0 |