Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-12-27 | CVE-2015-6237 | Improper Authentication vulnerability in Tripwire Ip360 7.2.2/7.2.4/7.2.5 | The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands." | 9.8 |
2017-12-21 | CVE-2015-7224 | Improper Authentication vulnerability in Puppet Puppetlabs-Mysql | puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask. | 9.8 |
2017-12-20 | CVE-2017-17777 | Improper Authentication vulnerability in Paid to Read Script Project Paid to Read Script 2.0.5 | Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. | 9.8 |
2017-12-12 | CVE-2017-17560 | Improper Authentication vulnerability in Westerndigital MY Cloud Pr4100 Firmware 2.30.172 | An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. | 9.8 |
2017-12-12 | CVE-2017-16689 | Improper Authentication vulnerability in SAP Kernel | A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. | 8.8 |
2017-12-12 | CVE-2017-16684 | Improper Authentication vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30 | SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | 9.8 |
2017-12-07 | CVE-2017-17430 | Improper Authentication vulnerability in Sangoma Netborder/Vega Session Firmware 2.3.1178Ga | Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | 9.8 |
2017-12-07 | CVE-2017-17435 | Improper Authentication vulnerability in Vaulteksafe Vt20I Firmware | An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. | 8.8 |
2017-12-05 | CVE-2017-14018 | Improper Authentication vulnerability in Ethicon Endo-Surgery Generator Gen11 Firmware | An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. | 4.8 |
2017-12-01 | CVE-2017-16953 | Improper Authentication vulnerability in ZTE Zxdsl 831Cii Firmware | connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | 7.5 |