Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-31224 | Improper Authentication vulnerability in Jamf There is broken access control during authentication in Jamf Pro Server before 10.46.1. | 9.8 |
| 2023-12-22 | CVE-2023-50714 | Improper Authentication vulnerability in Yiiframework Yii2-Authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. | 8.8 |
| 2023-12-22 | CVE-2023-51708 | Improper Authentication vulnerability in Bentley products Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. | 8.6 |
| 2023-12-21 | CVE-2023-6847 | Improper Authentication vulnerability in Github Enterprise Server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. | 7.5 |
| 2023-12-18 | CVE-2023-6483 | Improper Authentication vulnerability in Aditaas Allied Digital Integrated Tool-As-A-Service 5.1 The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. | 9.8 |
| 2023-12-13 | CVE-2023-49646 | Improper Authentication vulnerability in Zoom products Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. | 6.5 |
| 2023-12-13 | CVE-2023-45801 | Improper Authentication vulnerability in Nadatel products Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0. | 7.5 |
| 2023-12-12 | CVE-2023-36648 | Improper Authentication vulnerability in Prolion Cryptospike 3.0.15 Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer). | 8.2 |
| 2023-12-09 | CVE-2023-50430 | Improper Authentication vulnerability in Goodix Fingerprint Sensor Firmware The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint. | 6.4 |
| 2023-12-08 | CVE-2023-45866 | Improper Authentication vulnerability in multiple products Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. | 6.3 |