Total
204 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3758 | 1 Rsa | 1 Archer | 2024-09-16 | 9.8 Critical |
| RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. | ||||
| CVE-2020-10283 | 1 Dronecode | 1 Micro Air Vehicle Link | 2024-09-16 | 9.8 Critical |
| The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly. | ||||
| CVE-2023-46319 | 1 Wallix | 1 Bastion | 2024-09-12 | 7.5 High |
| WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. | ||||
| CVE-2024-41173 | 1 Beckhoff | 2 Ipc Diagnostics Package, Twincat\/bsd | 2024-09-12 | 7.8 High |
| The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. | ||||
| CVE-2023-39231 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2024-09-11 | 7.3 High |
| PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | ||||
| CVE-2023-43045 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2024-09-11 | 5.9 Medium |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. | ||||
| CVE-2023-4957 | 1 Zebra | 2 Zt410, Zt410 Firmware | 2024-09-05 | 5.4 Medium |
| A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled. | ||||
| CVE-2023-41351 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-09-04 | 9.8 Critical |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service. | ||||
| CVE-2024-38437 | 1 Dlink | 2 Dsl-225, Dsl-225 Firmware | 2024-08-29 | 9.8 Critical |
| D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel | ||||
| CVE-2024-7125 | 1 Hitachi | 1 Ops Center Common Services | 2024-08-28 | 7.8 High |
| Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01. | ||||
| CVE-2024-7007 | 1 Positron | 2 Tra7005, Tra7005 Firmware | 2024-08-26 | 9.8 Critical |
| Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. | ||||
| CVE-2024-2055 | 2024-08-26 | 9.8 Critical | ||
| The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. | ||||
| CVE-2024-2056 | 2024-08-23 | 9.8 Critical | ||
| Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed. | ||||
| CVE-2024-35151 | 1 Ibm | 2 Openpages Grc Platform, Openpages With Watson | 2024-08-23 | 6.5 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. | ||||
| CVE-2024-28200 | 1 N-able | 1 N-central | 2024-08-22 | 9.1 Critical |
| The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild. | ||||
| CVE-2024-35124 | 1 Ibm | 1 Openbmc | 2024-08-22 | 7.5 High |
| A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674. | ||||
| CVE-2024-3496 | 2024-08-19 | 8.8 High | ||
| Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-2012 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 9.1 Critical |
| vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior | ||||
| CVE-2024-2013 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 10 Critical |
| An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | ||||
| CVE-2024-7628 | 1 Inspireui | 1 Mstore Api Create Native Android And Ios Apps On The Cloud | 2024-08-15 | 8.1 High |
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verify_id_token' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to an @flutter.io email address or phone number. This also requires firebase to be configured on the website and the user to have set up firebase for their account. | ||||