Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-13 | CVE-2023-30559 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1 The firmware update package for the wireless card is not properly signed and can be modified. | 5.7 |
2023-07-13 | CVE-2023-34137 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. | 9.8 |
2023-07-13 | CVE-2023-34124 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. | 9.8 |
2023-07-12 | CVE-2023-33274 | Improper Authentication vulnerability in Voltronicpower Snmp web PRO 1.1 The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. | 9.8 |
2023-07-11 | CVE-2023-3127 | Improper Authentication vulnerability in Johnsoncontrols products An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. | 9.8 |
2023-07-06 | CVE-2023-30675 | Improper Authentication vulnerability in Samsung Pass 4.0.05.1 Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed. | 5.5 |
2023-06-30 | CVE-2023-32620 | Improper Authentication vulnerability in Wavlink Wl-Wn531Ax2 Firmware Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. | 6.5 |
2023-06-28 | CVE-2023-32222 | Improper Authentication vulnerability in Dlink Dsl-G256Dg Firmware Bz1.00.27 D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. | 9.8 |
2023-06-26 | CVE-2023-32523 | Improper Authentication vulnerability in Trendmicro Mobile Security 9.8 Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524. | 8.8 |
2023-06-26 | CVE-2023-32524 | Improper Authentication vulnerability in Trendmicro Mobile Security 9.8 Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. | 8.8 |