Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-49646 Improper Authentication vulnerability in Zoom products
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
network
low complexity
zoom CWE-287
6.5
2023-12-13 CVE-2023-45801 Improper Authentication vulnerability in Nadatel products
Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0.
network
low complexity
nadatel CWE-287
7.5
2023-12-12 CVE-2023-36648 Improper Authentication vulnerability in Prolion Cryptospike 3.0.15
Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).
network
low complexity
prolion CWE-287
8.2
2023-12-09 CVE-2023-50430 Improper Authentication vulnerability in Goodix Fingerprint Sensor Firmware
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.
high complexity
goodix CWE-287
6.4
2023-12-08 CVE-2023-45866 Improper Authentication vulnerability in multiple products
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access.
6.3
2023-12-08 CVE-2023-43742 Improper Authentication vulnerability in Zultys products
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function.
network
low complexity
zultys CWE-287
critical
9.8
2023-12-06 CVE-2023-36655 Improper Authentication vulnerability in Prolion Cryptospike 3.0.15
The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination.
network
low complexity
prolion CWE-287
critical
9.8
2023-12-06 CVE-2023-6514 Improper Authentication vulnerability in Huawei Ajmd-370S Firmware 103.1.0.110(Sp12C00E2R1P2)
The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability.
low complexity
huawei CWE-287
8.8
2023-12-05 CVE-2023-5970 Improper Authentication vulnerability in Sonicwall products
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
network
low complexity
sonicwall CWE-287
8.8
2023-12-05 CVE-2023-47304 Improper Authentication vulnerability in Vonage Vdv23 Firmware Vdv213.2.110.5.1
An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device.
local
low complexity
vonage CWE-287
7.8