Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-28 | CVE-2022-23555 | Improper Authentication vulnerability in Goauthentik Authentik authentik is an open-source Identity Provider focused on flexibility and versatility. | 8.8 |
| 2022-12-27 | CVE-2020-36569 | Improper Authentication vulnerability in Digitalocean Golang-Nanoauth Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token. | 9.1 |
| 2022-12-27 | CVE-2022-3156 | Improper Authentication vulnerability in Rockwellautomation Studio 5000 Logix Emulate 20.011/33.00 A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software. | 7.8 |
| 2022-12-27 | CVE-2022-4722 | Improper Authentication vulnerability in Ikus-Soft Rdiffweb Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. | 7.2 |
| 2022-12-23 | CVE-2022-47633 | Improper Authentication vulnerability in Kyverno 1.8.3/1.8.4 An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. | 8.1 |
| 2022-12-22 | CVE-2022-35646 | Improper Authentication vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. | 5.3 |
| 2022-12-20 | CVE-2022-41590 | Improper Authentication vulnerability in Huawei Harmonyos 3.0.0 Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. | 5.5 |
| 2022-12-20 | CVE-2022-46313 | Improper Authentication vulnerability in Huawei Harmonyos The sensor privacy module has an authentication vulnerability. | 5.3 |
| 2022-12-20 | CVE-2022-46316 | Improper Authentication vulnerability in Huawei Harmonyos 2.0/2.0.0/2.0.1 A thread security vulnerability exists in the authentication process. | 9.8 |
| 2022-12-19 | CVE-2022-3875 | Improper Authentication vulnerability in Clickstudios Passwordstate A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. | 7.5 |