Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2023-10-12 | CVE-2023-23632 | Improper Authentication vulnerability in Beyondtrust Privileged Remote Access | BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. | local, low complexity | beyondtrust | CWE-287 | 7.8 |
| 2023-10-11 | CVE-2023-24479 | Improper Authentication vulnerability in Yifanwireless Yf325 Firmware 1.020221108 | An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. | network, low complexity | yifanwireless | CWE-287 | critical, 9.8 |
| 2023-10-04 | CVE-2021-3784 | Improper Authentication vulnerability in Garudalinux Garuda Linux | Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. | local, high complexity | garudalinux | CWE-287 | 7.0 |
| 2023-10-04 | CVE-2023-40376 | Improper Authentication vulnerability in IBM Urbancode Deploy | IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. | network, low complexity | ibm | CWE-287 | 6.5 |
| 2023-10-03 | CVE-2023-28540 | Improper Authentication vulnerability in Qualcomm products | Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | network, low complexity | qualcomm | CWE-287 | 7.5 |
| 2023-10-03 | CVE-2023-26150 | Improper Authentication vulnerability in Freeopcua Opcua-Asyncio | Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session. | network, low complexity | freeopcua | CWE-287 | 7.5 |
| 2023-10-03 | CVE-2023-42771 | Improper Authentication vulnerability in Furunosystems Acera 1310 Firmware and Acera 1320 Firmware | Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. | low complexity | furunosystems | CWE-287 | 8.8 |
| 2023-09-27 | CVE-2023-20252 | Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager 20.11.1.2/20.9.3.2 | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. | network, low complexity | cisco | CWE-287 | critical, 9.8 |
| 2023-09-27 | CVE-2023-41904 | Improper Authentication vulnerability in Zohocorp Manageengine Admanager Plus | Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | network, low complexity | zohocorp | CWE-287 | 5.4 |
| 2023-09-20 | CVE-2023-31015 | Improper Authentication vulnerability in Nvidia DGX H100 Firmware | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an improper authentication issue. | local, low complexity | nvidia | CWE-287 | 7.8 |