CWE-287

1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image.

There is no account authentication and permission check logic in the firmware and existing apps of SiHAS’s SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.

Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control.

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.