Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2023-39196 Improper Authentication vulnerability in Apache Ozone 1.2.0/1.2.1/1.3.0
Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue.
network
low complexity
apache CWE-287
5.3
2024-02-06 CVE-2024-24592 Improper Authentication vulnerability in Clear Clearml
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.
network
low complexity
clear CWE-287
critical
9.8
2024-02-06 CVE-2024-20815 Improper Authentication vulnerability in Samsung Android 11.0/12.0
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to the victim's mobile hotspot without user awareness.
low complexity
samsung CWE-287
6.5
2024-02-06 CVE-2024-20816 Improper Authentication vulnerability in Samsung Android 11.0/12.0
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to the victim's mobile hotspot without user awareness.
low complexity
samsung CWE-287
6.5
2024-02-02 CVE-2023-39303 Improper Authentication vulnerability in Qnap Qts, Quts Hero and Qutscloud
An improper authentication vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-287
critical
9.8
2024-02-02 CVE-2023-50934 Improper Authentication vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.
network
low complexity
ibm CWE-287
5.3
2024-02-01 CVE-2023-47256 Improper Authentication vulnerability in Connectwise Automate and Screenconnect
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings.
local
low complexity
connectwise CWE-287
5.5
2024-02-01 CVE-2024-1039 Improper Authentication vulnerability in Gesslergmbh Web-Master Firmware 7.9
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard-coded credentials and, if exploited, could allow an attacker control over the web management of the device.
network
low complexity
gesslergmbh CWE-287
critical
9.8
2024-01-31 CVE-2024-23637 Improper Authentication vulnerability in Octoprint
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password.
network
low complexity
octoprint CWE-287
4.9
2024-01-30 CVE-2024-23647 Improper Authentication vulnerability in Goauthentik Authentik
Authentik is an open-source Identity Provider.
network
low complexity
goauthentik CWE-287
8.8