Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-20 | CVE-2017-3745 | Improper Authentication vulnerability in Lenovo Xclarity Administrator In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. | 7.8 |
| 2017-06-13 | CVE-2017-9552 | Improper Authentication vulnerability in Synology Photo Station A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. | 7.8 |
| 2017-06-11 | CVE-2017-9542 | Improper Authentication vulnerability in D-Link Dir-615 Firmware D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. | 9.8 |
| 2017-06-09 | CVE-2016-7836 | Improper Authentication vulnerability in Skygroup Skysea Client View 1.020.05B/11.221.03 SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | 9.8 |
| 2017-06-08 | CVE-2015-2800 | Improper Authentication vulnerability in Huawei products The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. | 7.5 |
| 2017-06-07 | CVE-2017-7314 | Improper Authentication vulnerability in Personify Personify360 E-Business An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. | 7.5 |
| 2017-06-06 | CVE-2014-8180 | Improper Authentication vulnerability in Mongodb MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | 5.5 |
| 2017-06-06 | CVE-2014-9952 | Improper Authentication vulnerability in Google Android In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | 7.8 |
| 2017-05-29 | CVE-2017-9148 | Improper Authentication vulnerability in Freeradius The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. | 9.8 |
| 2017-05-25 | CVE-2014-3527 | Improper Authentication vulnerability in VMWare Spring Security When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. | 9.8 |