Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2022-0547 Improper Authentication vulnerability in multiple products
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
network
low complexity
openvpn fedoraproject debian CWE-287
critical
9.8
2022-03-18 CVE-2022-22656 Improper Authentication vulnerability in Apple mac OS X and Macos
An authentication issue was addressed with improved state management.
local
low complexity
apple CWE-287
3.3
2022-03-17 CVE-2022-26504 Improper Authentication vulnerability in Veeam Backup & Replication
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe
network
low complexity
veeam CWE-287
8.8
2022-03-16 CVE-2021-45786 Improper Authentication vulnerability in Maccms 10.0
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
network
low complexity
maccms CWE-287
critical
9.8
2022-03-14 CVE-2022-24740 Improper Authentication vulnerability in Plone Volto
Volto is a ReactJS-based frontend for the Plone Content Management System.
network
high complexity
plone CWE-287
7.5
2022-03-13 CVE-2021-36368 Improper Authentication vulnerability in multiple products
An issue was discovered in OpenSSH before 8.9.
network
high complexity
openbsd debian CWE-287
3.7
2022-03-11 CVE-2022-22729 Improper Authentication vulnerability in Yokogawa products
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets.
network
low complexity
yokogawa CWE-287
8.8
2022-03-10 CVE-2022-25816 Improper Authentication vulnerability in Google Android 10.0/11.0/12.0
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication
low complexity
google CWE-287
4.6
2022-03-10 CVE-2022-25825 Improper Authentication vulnerability in Samasung Account
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.
local
low complexity
samasung CWE-287
5.5
2022-03-10 CVE-2022-24285 Improper Authentication vulnerability in Acer Care Center 4.00.3000/4.00.3038
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability.
local
low complexity
acer CWE-287
7.8