Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-30559 Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1
The firmware update package for the wireless card is not properly signed and can be modified.
low complexity
bd CWE-287
5.7
2023-07-13 CVE-2023-34137 Improper Authentication vulnerability in Sonicwall Analytics and Global Management System
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability.
network
low complexity
sonicwall CWE-287
critical
9.8
2023-07-13 CVE-2023-34124 Improper Authentication vulnerability in Sonicwall Analytics and Global Management System
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.
network
low complexity
sonicwall CWE-287
critical
9.8
2023-07-12 CVE-2023-33274 Improper Authentication vulnerability in Voltronicpower Snmp web PRO 1.1
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization.
network
low complexity
voltronicpower CWE-287
critical
9.8
2023-07-11 CVE-2023-3127 Improper Authentication vulnerability in Johnsoncontrols products
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
network
low complexity
johnsoncontrols CWE-287
critical
9.8
2023-07-06 CVE-2023-30675 Improper Authentication vulnerability in Samsung Pass 4.0.05.1
Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.
local
low complexity
samsung CWE-287
5.5
2023-06-30 CVE-2023-32620 Improper Authentication vulnerability in Wavlink Wl-Wn531Ax2 Firmware
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
low complexity
wavlink CWE-287
6.5
2023-06-28 CVE-2023-32222 Improper Authentication vulnerability in Dlink Dsl-G256Dg Firmware Bz1.00.27
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
network
low complexity
dlink CWE-287
critical
9.8
2023-06-26 CVE-2023-32523 Improper Authentication vulnerability in Trendmicro Mobile Security 9.8
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.
network
low complexity
trendmicro CWE-287
8.8
2023-06-26 CVE-2023-32524 Improper Authentication vulnerability in Trendmicro Mobile Security 9.8
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523.
network
low complexity
trendmicro CWE-287
8.8