Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2022-2757 | Improper Authentication vulnerability in Kingspan Tms300 CS Firmware Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver. | 9.1 |
| 2022-12-09 | CVE-2022-29838 | Improper Authentication vulnerability in Westerndigital MY Cloud OS Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. | 4.6 |
| 2022-12-09 | CVE-2022-2752 | Improper Authentication vulnerability in Secomea Gatemanager 9.6.621421014 A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7. | 7.8 |
| 2022-12-08 | CVE-2022-46829 | Improper Authentication vulnerability in Jetbrains Gateway In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. | 8.8 |
| 2022-12-08 | CVE-2022-39899 | Improper Authentication vulnerability in Google Android Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture. | 4.3 |
| 2022-12-08 | CVE-2022-39901 | Improper Authentication vulnerability in Samsung Exynos Firmware Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. | 6.5 |
| 2022-12-07 | CVE-2022-40966 | Improper Authentication vulnerability in Buffalo products Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. | 8.8 |
| 2022-12-07 | CVE-2022-42458 | Improper Authentication vulnerability in Shift-Tech Bingo!Cms Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. | 9.8 |
| 2022-12-07 | CVE-2022-44620 | Improper Authentication vulnerability in Unimo products Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | 8.8 |
| 2022-12-06 | CVE-2022-35843 | Improper Authentication vulnerability in Fortinet Fortios and Fortiproxy An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. | 9.8 |