Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-09-24 | CVE-2019-14238 | Improper Authentication vulnerability in ST products | On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | | low | st | CWE-287 | 6.6 |
| 2019-09-17 | CVE-2019-6832 | Improper Authentication vulnerability in Schneider-Electric Spacelynk Firmware and Wiser for KNX Firmware | A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. | network | low | schneider-electric | CWE-287 | 8.3 |
| 2019-09-17 | CVE-2016-10983 | Improper Authentication vulnerability in Ghost | The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. | network | low | ghost | CWE-287 | 6.5 |
| 2019-09-12 | CVE-2019-16261 | Improper Authentication vulnerability in Tripplite Pdumh15At Firmware 12.04.0053 | Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. | network | low | tripplite | CWE-287 | 9.1 (critical) |
| 2019-09-11 | CVE-2019-16250 | Improper Authentication vulnerability in Oceanwp Ocean Extra | includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. | network | low | oceanwp | CWE-287 | 7.5 |
| 2019-09-09 | CVE-2019-16190 | Improper Authentication vulnerability in Dlink products | SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. | network | low | dlink | CWE-287 | 9.8 (critical) |
| 2019-09-09 | CVE-2019-5473 | Improper Authentication vulnerability in Gitlab 12.0.4/12.1.2 | An authentication issue was discovered in GitLab that allowed a bypass of email verification. | network | low | gitlab | CWE-287 | 7.2 |
| 2019-09-09 | CVE-2019-12405 | Improper Authentication vulnerability in Apache Traffic Control 3.0.0/3.0.1 | Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. | network | low | apache | CWE-287 | 9.8 (critical) |
| 2019-09-05 | CVE-2019-13188 | Improper Authentication vulnerability in ENG Knowage | In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. | network | low | eng | CWE-287 | 9.8 (critical) |
| 2019-09-05 | CVE-2019-13361 | Improper Authentication vulnerability in Smanos W100 Firmware 1.0.0 | Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. | | low | smanos | CWE-287 | 6.5 |