Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2023-45249 | Improper Authentication vulnerability in Acronis Cyber Infrastructure Remote command execution due to use of default passwords. | 9.8 |
| 2024-07-17 | CVE-2024-23470 | The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. | 9.6 |
| 2024-07-17 | CVE-2024-23471 | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. | 9.6 |
| 2024-07-17 | CVE-2024-28992 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. low complexity CWE-287 | 7.6 |
| 2024-07-17 | CVE-2024-6535 | Improper Authentication vulnerability in Redhat Service Interconnect 1.0 A flaw was found in Skupper. | 5.3 |
| 2024-07-15 | CVE-2024-39767 | Improper Authentication vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0 Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications. | 6.5 |
| 2024-07-11 | CVE-2024-38433 | Improper Authentication vulnerability in Nuvoton products Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution. | 6.7 |
| 2024-07-11 | CVE-2024-6397 | Improper Authentication vulnerability in Instawp Connect The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. | 9.8 |
| 2024-07-08 | CVE-2024-39723 | Improper Authentication vulnerability in IBM Storage Virtualize 8.6 IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. | 4.6 |
| 2024-07-02 | CVE-2024-20889 | Improper Authentication vulnerability in Samsung Android 12.0/13.0/14.0 Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. | 4.3 |