Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-17 | CVE-2022-23769 | Improper Authentication vulnerability in Megazone Reversewall-Mds 3.8A007 Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. | 9.8 |
| 2022-10-17 | CVE-2022-2533 | Improper Authentication vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. | 7.4 |
| 2022-10-14 | CVE-2022-41436 | Improper Authentication vulnerability in Oxhoo Tp50 Firmware Oxh1.50 An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. | 9.1 |
| 2022-10-14 | CVE-2022-42463 | Improper Authentication vulnerability in Openharmony 3.1/3.1.1/3.1.2 OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. | 8.8 |
| 2022-10-13 | CVE-2022-35135 | Improper Authentication vulnerability in Boodskap IOT Platform 4.4.902 Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. | 8.8 |
| 2022-10-12 | CVE-2021-36369 | Improper Authentication vulnerability in multiple products An issue was discovered in Dropbear through 2020.81. | 7.5 |
| 2022-10-07 | CVE-2022-21936 | Improper Authentication vulnerability in Johnsoncontrols Metasys Extended Application and Data Server 12.0 On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. | 6.5 |
| 2022-10-06 | CVE-2022-40494 | Improper Authentication vulnerability in NPS Project NPS NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. | 9.8 |
| 2022-09-30 | CVE-2022-20662 | Improper Authentication vulnerability in Cisco DUO 1.1.0/1.1.1/2.0 A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. | 6.8 |
| 2022-09-29 | CVE-2022-39250 | Improper Authentication vulnerability in Matrix Javascript SDK Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. | 7.5 |