Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-06-30 CVE-2023-32620 Improper Authentication vulnerability in Wavlink Wl-Wn531Ax2 Firmware
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
low complexity
wavlink CWE-287
6.5
2023-06-28 CVE-2023-32222 Improper Authentication vulnerability in Dlink Dsl-G256Dg Firmware Bz1.00.27
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
network
low complexity
dlink CWE-287
critical
9.8
2023-06-26 CVE-2023-32523 Improper Authentication vulnerability in Trendmicro Mobile Security 9.8
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.
network
low complexity
trendmicro CWE-287
8.8
2023-06-26 CVE-2023-32524 Improper Authentication vulnerability in Trendmicro Mobile Security 9.8
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523.
network
low complexity
trendmicro CWE-287
8.8
2023-06-22 CVE-2023-3326 Improper Authentication vulnerability in Freebsd
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password.
network
low complexity
freebsd CWE-287
critical
9.8
2023-06-19 CVE-2022-48494 Improper Authentication vulnerability in Huawei Emui
Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
network
low complexity
huawei CWE-287
7.5
2023-06-19 CVE-2022-48496 Improper Authentication vulnerability in Huawei Emui
Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
network
low complexity
huawei CWE-287
7.5
2023-06-16 CVE-2023-30223 Improper Authentication vulnerability in 4D Server 17/18/19
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.
network
low complexity
4d CWE-287
7.5
2023-06-14 CVE-2023-34367 Improper Authentication vulnerability in Microsoft Windows 7
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack.
network
low complexity
microsoft CWE-287
6.5
2023-06-13 CVE-2023-2638 Improper Authentication vulnerability in Rockwellautomation products
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes place.
local
low complexity
rockwellautomation CWE-287
5.0