Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-01 | CVE-2024-1039 | Improper Authentication vulnerability in Gesslergmbh Web-Master Firmware 7.9 Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device. | 9.8 |
2024-01-31 | CVE-2024-23637 | Improper Authentication vulnerability in Octoprint OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. | 4.9 |
2024-01-30 | CVE-2023-51982 | Improper Authentication vulnerability in Cratedb 5.5.1 CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. | 9.8 |
2024-01-29 | CVE-2024-23792 | Improper Authentication vulnerability in Otrs When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. | 6.5 |
2024-01-26 | CVE-2024-23629 | Improper Authentication vulnerability in Motorola Mr2600 Firmware An authentication bypass vulnerability exists in the web component of the Motorola MR2600. | 7.5 |
2024-01-25 | CVE-2024-0822 | Improper Authentication vulnerability in Ovirt Ovirt-Engine An authentication bypass vulnerability was found in overt-engine. | 7.5 |
2024-01-23 | CVE-2023-50275 | Improper Authentication vulnerability in HP Oneview HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. | 7.5 |
2024-01-23 | CVE-2024-23219 | Improper Authentication vulnerability in Apple Ipados The issue was addressed with improved authentication. | 6.2 |
2024-01-13 | CVE-2023-46942 | Improper Authentication vulnerability in Evershop 1.0.0 Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | 7.5 |
2024-01-12 | CVE-2023-46805 | Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | 8.2 |