Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-12-25 CVE-2023-31224 Improper Authentication vulnerability in Jamf
There is broken access control during authentication in Jamf Pro Server before 10.46.1.
network
low complexity
jamf CWE-287
critical
9.8
2023-12-22 CVE-2023-50714 Improper Authentication vulnerability in Yiiframework Yii2-Authclient
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0.
network
low complexity
yiiframework CWE-287
8.8
2023-12-22 CVE-2023-51708 Improper Authentication vulnerability in Bentley products
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure.
network
low complexity
bentley CWE-287
8.6
2023-12-21 CVE-2023-6847 Improper Authentication vulnerability in Github Enterprise Server
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request.
network
low complexity
github CWE-287
7.5
2023-12-18 CVE-2023-6483 Improper Authentication vulnerability in Aditaas Allied Digital Integrated Tool-As-A-Service 5.1
The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API.
network
low complexity
aditaas CWE-287
critical
9.8
2023-12-13 CVE-2023-49646 Improper Authentication vulnerability in Zoom products
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
network
low complexity
zoom CWE-287
6.5
2023-12-13 CVE-2023-45801 Improper Authentication vulnerability in Nadatel products
Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation. This issue affects DVR: from 3.0.0 before 9.9.0.
network
low complexity
nadatel CWE-287
7.5
2023-12-12 CVE-2023-36648 Improper Authentication vulnerability in Prolion Cryptospike 3.0.15
Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).
network
low complexity
prolion CWE-287
8.2
2023-12-09 CVE-2023-50430 Improper Authentication vulnerability in Goodix Fingerprint Sensor Firmware
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.
high complexity
goodix CWE-287
6.4
2023-12-08 CVE-2023-45866 Improper Authentication vulnerability in multiple products
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access.
6.3