Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-06-02 | CVE-2022-31463 | Improper Authentication vulnerability in Owllabs Meeting OWL PRO Firmware 5.2.0.15 | Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. | 7.1 |
2022-06-02 | CVE-2022-26975 | Improper Authentication vulnerability in Barco Control Room Management Suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. | 7.5 |
2022-06-02 | CVE-2022-30034 | Improper Authentication vulnerability in Flower Project Flower | Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. | 8.6 |
2022-05-26 | CVE-2022-26724 | Improper Authentication vulnerability in Apple Tvos | An authentication issue was addressed with improved state management. | 5.5 |
2022-05-26 | CVE-2022-24422 | Improper Authentication vulnerability in Dell Idrac9 | Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. | 9.8 |
2022-05-26 | CVE-2022-26865 | Improper Authentication vulnerability in Dell Supportassist OS Recovery 5.5.1 | Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. | 6.8 |
2022-05-24 | CVE-2021-4230 | Improper Authentication vulnerability in Airfield Online Project Airfield Online | A vulnerability has been found in Airfield Online and classified as problematic. | 7.5 |
2022-05-24 | CVE-2022-0910 | Improper Authentication vulnerability in Zyxel products | A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. | 6.5 |
2022-05-20 | CVE-2021-30028 | Improper Authentication vulnerability in Sooteway Wi-Fi Range Extender Project Sooteway Wi-Fi Range Extender 1.5 | SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely. | 7.2 |
2022-05-20 | CVE-2022-28106 | Improper Authentication vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 | Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. | 9.8 |