Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-13 | CVE-2023-44252 | Improper Authentication vulnerability in Fortinet Fortiwan: ** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPS requests with crafted JWT token values. | 8.8 |
2023-12-13 | CVE-2023-45801 | Improper Authentication vulnerability in Nadatel products: Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation. This issue affects DVR: from 3.0.0 before 9.9.0. | 7.5 |
2023-12-12 | CVE-2023-36648 | Improper Authentication vulnerability in Prolion Cryptospike 3.0.15: Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer). | 8.2 |
2023-12-09 | CVE-2023-50430 | Improper Authentication vulnerability in Goodix Fingerprint Sensor Firmware: The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint. | 6.4 |
2023-12-08 | CVE-2023-45866 | Improper Authentication vulnerability in multiple products: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. | 6.3 |
2023-12-08 | CVE-2023-43742 | Improper Authentication vulnerability in Zultys products: An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. | 9.8 |
2023-12-06 | CVE-2023-36655 | Improper Authentication vulnerability in Prolion Cryptospike 3.0.15: The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to log in and obtain an authentication token by specifying a username with a different uppercase/lowercase character combination. | 9.8 |
2023-12-06 | CVE-2023-6514 | Improper Authentication vulnerability in Huawei Ajmd-370S Firmware 103.1.0.110(Sp12C00E2R1P2): The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. | 8.8 |
2023-12-05 | CVE-2023-5970 | Improper Authentication vulnerability in Sonicwall products: Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. | 8.8 |
2023-12-05 | CVE-2023-47304 | Improper Authentication vulnerability in Vonage Vdv23 Firmware Vdv213.2.110.5.1: An issue discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1 allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device. | 7.8 |