Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2021-41995 Improper Authentication vulnerability in Pingidentity Pingid Integration for mac Login
A misconfiguration of RSA in PingID Mac Login prior to 1.1 leaves it vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
network
low complexity
pingidentity CWE-287
7.5
2022-06-30 CVE-2022-2197 Improper Authentication vulnerability in Exemys Rme1 Firmware 2.1.6
By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations.
network
low complexity
exemys CWE-287
critical
9.8
2022-06-30 CVE-2022-1955 Improper Authentication vulnerability in Opft Session 1.13.0
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data.
low complexity
opft CWE-287
4.6
2022-06-30 CVE-2021-41506 Improper Authentication vulnerability in Xiongmaitech products
Xiongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 are affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
network
low complexity
xiongmaitech CWE-287
critical
9.8
2022-06-28 CVE-2022-29858 Improper Authentication vulnerability in Silverstripe Assets
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
network
low complexity
silverstripe CWE-287
4.3
2022-06-27 CVE-2022-33202 Improper Authentication vulnerability in Softcreate L2Blocker 4.8.5
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor.
low complexity
softcreate CWE-287
8.1
2022-06-24 CVE-2022-29578 Improper Authentication vulnerability in Meridian 22.02/22.03
Meridian Cooperative Utility Software versions 22.02 and 22.03 allow remote attackers to obtain sensitive information such as name, address, and daily energy usage.
network
low complexity
meridian CWE-287
5.3
2022-06-24 CVE-2021-41638 Improper Authentication vulnerability in Melag FTP Server 2.2.0.4
The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files using only a valid username.
network
low complexity
melag CWE-287
7.5
2022-06-23 CVE-2021-26638 Improper Authentication vulnerability in Xisnd S&D Smarthome 3.2.48
Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure.
network
low complexity
xisnd CWE-287
critical
9.8
2022-06-21 CVE-2022-29775 Improper Authentication vulnerability in Ispyconnect Ispy 7.2.2.0
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
network
low complexity
ispyconnect CWE-287
critical
9.8