Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-28 | CVE-2022-38753 | Improper Authentication vulnerability in Microfocus Netiq Advanced Authentication This update resolves a multi-factor authentication bypass attack | 6.3 |
| 2022-11-28 | CVE-2022-41912 | Improper Authentication vulnerability in Saml Project Saml The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. | 9.8 |
| 2022-11-27 | CVE-2022-45933 | Improper Authentication vulnerability in Kubeview Project Kubeview KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. | 9.8 |
| 2022-11-25 | CVE-2022-36133 | Improper Authentication vulnerability in Epson products The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | 9.1 |
| 2022-11-23 | CVE-2022-37774 | Improper Authentication vulnerability in Maarch RM There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. | 5.3 |
| 2022-11-22 | CVE-2022-44801 | Improper Authentication vulnerability in Dlink Dir-878 Firmware 1.02B05 D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. | 9.8 |
| 2022-11-22 | CVE-2022-37931 | Improper Authentication vulnerability in HP Nonstop Netbatch-Plus A vulnerability in NetBatch-Plus software allows unauthorized access to the application. | 7.8 |
| 2022-11-22 | CVE-2022-43685 | Improper Authentication vulnerability in Okfn Ckan CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. | 8.8 |
| 2022-11-21 | CVE-2021-24649 | Improper Authentication vulnerability in Wedevs WP User Frontend The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). | 9.8 |
| 2022-11-17 | CVE-2022-43782 | Improper Authentication vulnerability in Atlassian Crowd Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. | 9.8 |