Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-07 | CVE-2024-36132 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | 7.5 |
2024-07-31 | CVE-2019-6197 | Improper Authentication vulnerability in Lenovo Pcmanager 2.6.40.3154 A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | 7.8 |
2024-07-31 | CVE-2019-6198 | Improper Authentication vulnerability in Lenovo Pcmanager 2.6.40.3154 A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | 7.8 |
2024-07-25 | CVE-2024-41800 | Improper Authentication vulnerability in Craftcms Craft CMS Craft is a content management system (CMS). | 7.5 |
2024-07-24 | CVE-2023-45249 | Improper Authentication vulnerability in Acronis Cyber Infrastructure Remote command execution due to use of default passwords. | 9.8 |
2024-07-22 | CVE-2024-41829 | Improper Authentication vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection | 7.5 |
2024-07-17 | CVE-2024-23465 | Improper Authentication vulnerability in Solarwinds Access Rights Manager The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. | 9.8 |
2024-07-17 | CVE-2024-6535 | Improper Authentication vulnerability in Redhat Service Interconnect 1.0 A flaw was found in Skupper. | 5.3 |
2024-07-15 | CVE-2024-39767 | Improper Authentication vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0 Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications. | 6.5 |
2024-07-11 | CVE-2024-38433 | Improper Authentication vulnerability in Nuvoton products Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution. | 6.7 |