Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-34388 | Improper Authentication vulnerability in Selinc Sel-451 Firmware An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | 9.8 |
| 2023-11-30 | CVE-2023-35137 | Improper Authentication vulnerability in Zyxel Nas326 Firmware and Nas542 Firmware An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device. | 7.5 |
| 2023-11-28 | CVE-2023-29062 | Improper Authentication vulnerability in BD Facschorus The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. | 3.8 |
| 2023-11-28 | CVE-2023-48121 | Improper Authentication vulnerability in Ezviz products An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices. | 5.3 |
| 2023-11-28 | CVE-2023-41264 | Improper Authentication vulnerability in Netwrix Usercube Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. | 9.8 |
| 2023-11-28 | CVE-2022-41678 | Improper Authentication vulnerability in Apache Activemq Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. | 8.8 |
| 2023-11-27 | CVE-2023-41999 | Improper Authentication vulnerability in Arcserve UDP An authentication bypass exists in Arcserve UDP prior to version 9.2. | 9.8 |
| 2023-11-27 | CVE-2023-6329 | Improper Authentication vulnerability in Controlid Idsecure 4.7.32.0 An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. | 9.8 |
| 2023-11-24 | CVE-2023-48312 | Improper Authentication vulnerability in Clastix Capsule-Proxy capsule-proxy is a reverse proxy for the capsule operator project. | 9.8 |
| 2023-11-22 | CVE-2023-2437 | Improper Authentication vulnerability in Userproplugin Userpro The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. | 8.1 |