Vulnerabilities (CVE)

Filtered by CWE-287
Total 4202 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-21467 1 Samsung 1 Exynos 2026-06-17 N/A 4.6 MEDIUM
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
CVE-2023-21466 1 Samsung 1 Android 2026-06-17 N/A 5.3 MEDIUM
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission.
CVE-2023-21460 1 Samsung 1 Android 2026-06-17 N/A 4.4 MEDIUM
Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.
CVE-2023-21437 1 Samsung 1 Android 2026-06-17 N/A 4.0 MEDIUM
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.
CVE-2023-21425 1 Samsung 1 Android 2026-06-17 N/A 4.3 MEDIUM
Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.
CVE-2023-21307 1 Google 1 Android 2026-06-17 N/A 5.0 MEDIUM
In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2023-21297 1 Google 1 Android 2026-06-17 N/A 4.4 MEDIUM
In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21027 1 Google 1 Android 2026-06-17 N/A 7.5 HIGH
In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216854451
CVE-2023-20924 1 Google 1 Android 2026-06-17 N/A 6.8 MEDIUM
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A
CVE-2023-20867 3 Debian, Fedoraproject, Vmware 3 Debian Linux, Fedora, Tools 2026-06-17 N/A 3.9 LOW
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
CVE-2023-20252 1 Cisco 1 Catalyst Sd-wan Manager 2026-06-17 N/A 9.8 CRITICAL
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.
CVE-2023-20214 1 Cisco 2 Catalyst Sd-wan Manager, Sd-wan Vmanage 2026-06-17 N/A 9.1 CRITICAL
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.
CVE-2023-20012 1 Cisco 11 Nexus 93180yc-fx3, Nexus 93180yc-fx3 Firmware, Nexus 93180yc-fx3s and 8 more 2026-06-17 N/A 5.3 MEDIUM
A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.
CVE-2023-1980 1 Devolutions 1 Remote Desktop Manager 2026-06-17 N/A 6.5 MEDIUM
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries.
CVE-2023-1935 1 Emerson 10 Dl8000, Dl8000 Firmware, Roc809 and 7 more 2026-06-17 N/A 9.4 CRITICAL
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.
CVE-2023-1784 1 Jeecg 1 Jeecg Boot 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699.
CVE-2023-1752 1 Getnexx 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more 2026-06-17 N/A 8.1 HIGH
The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address.
CVE-2023-1617 1 Br-automation 1 Vc4 2026-06-17 N/A 9.8 CRITICAL
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules).  This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.
CVE-2023-1477 1 Hypr 1 Keycloak Authenticator 2026-06-17 N/A 7.2 HIGH
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.
CVE-2023-1464 1 Medicine Tracker System Project 1 Medicine Tracker System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file Users.php?f=save_user. The manipulation of the argument firstname/middlename/lastname/username/password leads to improper authentication. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223311.