Vulnerabilities (CVE)

Filtered by CWE-287
Total 3371 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1065 1 Snyk 1 Kubernetes Monitor 2024-11-21 N/A 6.5 MEDIUM
This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case).
CVE-2023-0905 1 Employee Task Management System Project 1 Employee Task Management System 2024-11-21 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.
CVE-2023-0863 1 Abb 16 Terra Ac Wallbox 80a, Terra Ac Wallbox 80a Firmware, Terra Ac Wallbox Ce Juno and 13 more 2024-11-21 N/A 8.8 HIGH
Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.
CVE-2023-0858 1 Canon 90 I-sensys Lbp621cw, I-sensys Lbp621cw Firmware, I-sensys Lbp623cdw and 87 more 2024-11-21 N/A 3.1 LOW
Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.
CVE-2023-0813 1 Redhat 2 Enterprise Linux, Network Observability 2024-11-21 N/A 7.5 HIGH
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
CVE-2023-0773 1 Uniview 2 Ipc322lb-sf28-a, Ipc322lb-sf28-a Firmware 2024-11-21 N/A 9.1 CRITICAL
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.
CVE-2023-0311 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 N/A 9.8 CRITICAL
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0264 1 Redhat 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more 2024-11-21 N/A 5.0 MEDIUM
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
CVE-2023-0228 1 Abb 1 Symphony Plus S\+ Operations 2024-11-21 N/A 8.8 HIGH
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.
CVE-2023-0209 1 Nvidia 2 Dgx-1, Sbios 2024-11-21 N/A 8.2 HIGH
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.
CVE-2023-0117 1 Huawei 1 Emui 2024-11-21 N/A 5.3 MEDIUM
The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.
CVE-2023-0105 1 Redhat 2 Keycloak, Single Sign-on 2024-11-21 N/A 6.5 MEDIUM
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
CVE-2022-4874 1 Netcommwireless 6 Nf20, Nf20 Firmware, Nf20mesh and 3 more 2024-11-21 N/A 7.5 HIGH
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
CVE-2022-4861 1 M-files 1 M-files Client 2024-11-21 N/A 4.8 MEDIUM
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.
CVE-2022-4722 1 Ikus-soft 1 Rdiffweb 2024-11-21 N/A 7.2 HIGH
Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.
CVE-2022-4126 4 Abb, Apple, Linux and 1 more 4 Rccmd, Macos, Linux Kernel and 1 more 2024-11-21 N/A 9.6 CRITICAL
Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.
CVE-2022-48496 1 Huawei 1 Emui 2024-11-21 N/A 7.5 HIGH
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48494 1 Huawei 1 Emui 2024-11-21 N/A 7.5 HIGH
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48294 1 Huawei 2 Emui, Harmonyos 2024-11-21 N/A 7.5 HIGH
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48195 1 Mellium 1 Sasl 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.