Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2017-11-22 CVE-2017-2738 Improper Authentication vulnerability in Huawei Vcm5010 Firmware V100R001C10B010
VCM5010 with software versions earlier than V100R002C50SPC100 has an authentication bypass vulnerability.
network
low complexity
huawei CWE-287
critical
9.8
2017-11-22 CVE-2017-2721 Improper Authentication vulnerability in Huawei products
Some Huawei smartphones with software Berlin-L21C10B130, Berlin-L21C185B133, Berlin-L21HNC10B131, Berlin-L21HNC185B140, Berlin-L21HNC432B151, Berlin-L22C636B160, Berlin-L22HNC636B130, Berlin-L22HNC675B150CUSTC675D001, Berlin-L23C605B131, Berlin-L24HNC567B110, FRD-L02C432B120, FRD-L02C635B130, FRD-L02C675B170CUSTC675D001, FRD-L04C567B162, FRD-L04C605B131, FRD-L09C10B130, FRD-L09C185B130, FRD-L09C432B131, FRD-L09C636B130, FRD-L14C567B162, FRD-L19C10B130, FRD-L19C432B131, FRD-L19C636B130 have a Factory Reset Protection (FRP) bypass security vulnerability.
low complexity
huawei CWE-287
4.6
2017-11-22 CVE-2017-8861 Improper Authentication vulnerability in Cohuhd 3960Hd Firmware
Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets.
network
low complexity
cohuhd CWE-287
critical
9.8
2017-11-21 CVE-2017-16613 Improper Authentication vulnerability in multiple products
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1.
network
low complexity
openstack debian CWE-287
critical
9.8
2017-11-17 CVE-2017-16566 Improper Authentication vulnerability in Qacctv Jooan A5 IP Camera Firmware 2.3.36
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow).
network
low complexity
qacctv CWE-287
critical
9.8
2017-11-16 CVE-2017-12337 Improper Authentication vulnerability in Cisco products
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device.
network
low complexity
cisco CWE-287
critical
9.8
2017-11-13 CVE-2017-9314 Improper Authentication vulnerability in Dahuasecurity products
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102.
network
low complexity
dahuasecurity CWE-287
8.8
2017-11-10 CVE-2017-16634 Improper Authentication vulnerability in Joomla Joomla!
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
network
low complexity
joomla CWE-287
critical
9.8
2017-11-10 CVE-2017-16562 Improper Authentication vulnerability in Userproplugin Userpro
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
network
low complexity
userproplugin CWE-287
critical
9.8
2017-11-07 CVE-2017-2914 Improper Authentication vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1.
network
high complexity
meetcircle CWE-287
8.1