Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2015-3442 | Improper Authentication vulnerability in Soreco Xpert.Line 3.0 Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | 9.8 |
| 2017-09-03 | CVE-2017-14117 | Improper Authentication vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | 5.9 |
| 2017-09-01 | CVE-2015-7746 | Improper Authentication vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | 9.8 |
| 2017-08-30 | CVE-2017-14032 | Improper Authentication vulnerability in ARM Mbed TLS ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. | 8.1 |
| 2017-08-30 | CVE-2017-12698 | Improper Authentication vulnerability in Advantech Webaccess An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 9.8 |
| 2017-08-28 | CVE-2015-8332 | Improper Authentication vulnerability in Huawei Vcm5010 Firmware and Vcm5020 Firmware Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | 8.8 |
| 2017-08-28 | CVE-2015-1401 | Improper Authentication vulnerability in Ldap / SSO Authentication Project Ldap / SSO Authentication 2.0.0 Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | 9.8 |
| 2017-08-25 | CVE-2017-7934 | Improper Authentication vulnerability in Osisoft PI Data Archive An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. | 5.9 |
| 2017-08-25 | CVE-2017-7930 | Improper Authentication vulnerability in Osisoft PI Data Archive An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. | 7.4 |
| 2017-08-25 | CVE-2015-3206 | Improper Authentication vulnerability in Apple Pykerberos The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. | 8.1 |