Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-29 | CVE-2022-22935 | Improper Authentication vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. | 3.7 |
| 2022-03-29 | CVE-2022-1084 | Improper Authentication vulnerability in ONE Church Management System Project ONE Church Management System 1.0 A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. | 9.8 |
| 2022-03-28 | CVE-2022-0342 | Improper Authentication vulnerability in Zyxel products An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. | 9.8 |
| 2022-03-28 | CVE-2021-26598 | Improper Authentication vulnerability in Impresscms ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). | 5.3 |
| 2022-03-25 | CVE-2021-26620 | Improper Authentication vulnerability in Iptime products An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. | 7.5 |
| 2022-03-24 | CVE-2021-31326 | Improper Authentication vulnerability in Dlink Dir-816 Firmware 1.10Cnb05 D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. | 9.8 |
| 2022-03-23 | CVE-2021-4197 | Improper Authentication vulnerability in multiple products An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. | 7.8 |
| 2022-03-23 | CVE-2022-0996 | Improper Authentication vulnerability in multiple products A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | 6.5 |
| 2022-03-23 | CVE-2022-0862 | Improper Authentication vulnerability in Mcafee Epolicy Orchestrator A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. | 5.3 |
| 2022-03-23 | CVE-2021-44759 | Improper Authentication vulnerability in multiple products Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. | 8.1 |