Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-22 | CVE-2023-51708 | Improper Authentication vulnerability in Bentley products Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. | 8.6 |
| 2023-12-21 | CVE-2023-6847 | Improper Authentication vulnerability in Github Enterprise Server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. | 7.5 |
| 2023-12-18 | CVE-2023-6483 | Improper Authentication vulnerability in Aditaas Allied Digital Integrated Tool-As-A-Service 5.1 The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. | 9.8 |
| 2023-12-13 | CVE-2023-49646 | Improper Authentication vulnerability in Zoom products Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. | 6.5 |
| 2023-12-13 | CVE-2023-45801 | Improper Authentication vulnerability in Nadatel products Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0. | 7.5 |
| 2023-12-12 | CVE-2023-36648 | Improper Authentication vulnerability in Prolion Cryptospike 3.0.15 Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer). | 8.2 |
| 2023-12-09 | CVE-2023-50430 | Improper Authentication vulnerability in Goodix Fingerprint Sensor Firmware The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint. | 6.4 |
| 2023-12-08 | CVE-2023-45866 | Improper Authentication vulnerability in multiple products Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. | 6.3 |
| 2023-12-08 | CVE-2023-43742 | Improper Authentication vulnerability in Zultys products An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. | 9.8 |
| 2023-12-06 | CVE-2023-36655 | Improper Authentication vulnerability in Prolion Cryptospike 3.0.15 The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination. | 9.8 |