Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2023-1752 Improper Authentication vulnerability in Getnexx products
The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address.
network
low complexity
getnexx CWE-287
4.3
2023-04-04 CVE-2021-28235 Improper Authentication vulnerability in Etcd 3.4.10
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
network
low complexity
etcd CWE-287
critical
9.8
2023-03-31 CVE-2023-1784 Improper Authentication vulnerability in Jeecg Boot 3.5.0
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical.
network
low complexity
jeecg CWE-287
critical
9.8
2023-03-31 CVE-2023-28862 Improper Authentication vulnerability in Lemonldap-Ng Lemonldap::Ng
An issue was discovered in LemonLDAP::NG before 2.16.1.
network
low complexity
lemonldap-ng CWE-287
critical
9.8
2023-03-31 CVE-2023-28727 Improper Authentication vulnerability in Panasonic Aiseg2 Firmware 2.00J/2.80F/2.93A
Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.
low complexity
panasonic CWE-287
8.8
2023-03-30 CVE-2023-27535 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27536 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27538 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse.
5.5
2023-03-29 CVE-2023-28503 Improper Authentication vulnerability in Rocketsoftware Unidata and Universe
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.
network
low complexity
rocketsoftware CWE-287
critical
9.8
2023-03-28 CVE-2023-28398 Improper Authentication vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01
Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system.
network
low complexity
propumpservice CWE-287
critical
9.8