Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-27 | CVE-2015-1778 | Improper Authentication vulnerability in Opendaylight The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | 9.8 |
| 2017-06-21 | CVE-2017-4989 | Improper Authentication vulnerability in EMC Avamar Server In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. | 9.8 |
| 2017-06-20 | CVE-2017-3167 | Improper Authentication vulnerability in multiple products In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | 9.8 |
| 2017-06-20 | CVE-2017-3745 | Improper Authentication vulnerability in Lenovo Xclarity Administrator In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. | 7.8 |
| 2017-06-13 | CVE-2017-9552 | Improper Authentication vulnerability in Synology Photo Station A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. | 7.8 |
| 2017-06-11 | CVE-2017-9542 | Improper Authentication vulnerability in D-Link Dir-615 Firmware D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. | 9.8 |
| 2017-06-09 | CVE-2016-7836 | Improper Authentication vulnerability in Skygroup Skysea Client View 1.020.05B/11.221.03 SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | 9.8 |
| 2017-06-08 | CVE-2015-2800 | Improper Authentication vulnerability in Huawei products The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. | 7.5 |
| 2017-06-07 | CVE-2017-7314 | Improper Authentication vulnerability in Personify Personify360 E-Business An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. | 7.5 |
| 2017-06-06 | CVE-2014-8180 | Improper Authentication vulnerability in Mongodb MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | 5.5 |