Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-12-27 | CVE-2022-4722 | Improper Authentication vulnerability in Ikus-Soft Rdiffweb | Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. | network | low | ikus-soft | CWE-287 | 7.2 |
| 2022-12-23 | CVE-2022-47633 | Improper Authentication vulnerability in Kyverno 1.8.3/1.8.4 | An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. | network | high | kyverno | CWE-287 | 8.1 |
| 2022-12-22 | CVE-2022-35646 | Improper Authentication vulnerability in IBM Security Verify Governance 10.0.1 | IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. | network | high | ibm | CWE-287 | 5.3 |
| 2022-12-20 | CVE-2022-41590 | Improper Authentication vulnerability in Huawei Harmonyos 3.0.0 | Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. | local | low | huawei | CWE-287 | 5.5 |
| 2022-12-20 | CVE-2022-46313 | Improper Authentication vulnerability in Huawei Harmonyos | The sensor privacy module has an authentication vulnerability. | network | low | huawei | CWE-287 | 5.3 |
| 2022-12-20 | CVE-2022-46316 | Improper Authentication vulnerability in Huawei Harmonyos 2.0/2.0.0/2.0.1 | A thread security vulnerability exists in the authentication process. | network | low | huawei | CWE-287 | critical 9.8 |
| 2022-12-19 | CVE-2022-3875 | Improper Authentication vulnerability in Clickstudios Passwordstate | A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. | network | low | clickstudios | CWE-287 | 7.5 |
| 2022-12-19 | CVE-2022-42453 | Improper Authentication vulnerability in Hcltech Bigfix Platform | There are insufficient warnings when a Fixlet is imported by a user. | network | low | hcltech | CWE-287 | 6.5 |
| 2022-12-16 | CVE-2022-47209 | Improper Authentication vulnerability in Netgear Rax30 Firmware | A support user exists on the device and appears to be a backdoor for Technical Support staff. | | low | netgear | CWE-287 | 8.8 |
| 2022-12-16 | CVE-2021-35252 | Improper Authentication vulnerability in Solarwinds Serv-U | Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. | network | low | solarwinds | CWE-287 | 7.5 |