Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-04-20 | CVE-2016-1219 | Improper Authentication vulnerability in Cybozu Garoon | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | network | low | cybozu | CWE-287 | critical 9.8 |
| 2017-04-19 | CVE-2016-5410 | Improper Authentication vulnerability in multiple products | firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. | local | low | firewalld, redhat | CWE-287 | 5.5 |
| 2017-04-12 | CVE-2017-7284 | Improper Authentication vulnerability in Unitrends Enterprise Backup | An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. | network | low | unitrends | CWE-287 | 8.8 |
| 2017-04-12 | CVE-2017-7588 | Improper Authentication vulnerability in Brother products | On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. | network | low | brother | CWE-287 | critical 9.8 |
| 2017-04-11 | CVE-2016-1908 | Improper Authentication vulnerability in multiple products | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | network | low | openbsd, debian, oracle, redhat | CWE-287 | critical 9.8 |
| 2017-04-10 | CVE-2016-5068 | Improper Authentication vulnerability in Sierrawireless Aleos Firmware 4.3.2 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | network | low | sierrawireless | CWE-287 | critical 9.8 |
| 2017-04-10 | CVE-2015-2880 | Improper Authentication vulnerability in Trendnet Tv-Ip743Sic | TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | network | low | trendnet | CWE-287 | 8.8 |
| 2017-04-07 | CVE-2007-6760 | Improper Authentication vulnerability in Dataprobe Ibootbar Firmware 20070920 | Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie. | network | low | dataprobe | CWE-287 | critical 9.8 |
| 2017-04-07 | CVE-2007-6759 | Improper Authentication vulnerability in Dataprobe Ibootbar Firmware 20070920 | Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. | network | low | dataprobe | CWE-287 | critical 9.8 |
| 2017-04-05 | CVE-2017-7450 | Improper Authentication vulnerability in Airtame Hdmi Dongle Firmware 2.1.1 | AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. | network | low | airtame | CWE-287 | critical 9.8 |