Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2016-2124 Improper Authentication vulnerability in multiple products
A flaw was found in the way samba implemented SMB1 authentication.
network
high complexity
samba debian fedoraproject redhat canonical CWE-287
5.9
2022-02-15 CVE-2022-23317 Improper Authentication vulnerability in Helpsystems Cobalt Strike
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
network
low complexity
helpsystems CWE-287
7.5
2022-02-14 CVE-2021-4201 Improper Authentication vulnerability in Forgerock Access Management
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions.
network
low complexity
forgerock CWE-287
critical
9.8
2022-02-14 CVE-2021-45347 Improper Authentication vulnerability in Zzcms 8.2
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
network
low complexity
zzcms CWE-287
7.5
2022-02-14 CVE-2022-24976 Improper Authentication vulnerability in Atheme
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
network
low complexity
atheme CWE-287
critical
9.1
2022-02-11 CVE-2021-38679 Improper Authentication vulnerability in Qnap Kazoo Server 4.10.12/4.10.9/4.11.20
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server.
network
low complexity
qnap CWE-287
critical
9.8
2022-02-11 CVE-2021-30317 Improper Authentication vulnerability in Qualcomm products
Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-287
7.8
2022-02-09 CVE-2021-45331 Improper Authentication vulnerability in Gitea
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges.
network
low complexity
gitea CWE-287
critical
9.8
2022-02-07 CVE-2022-23320 Improper Authentication vulnerability in Xerox Xmpie Ustore 12.3.7244.0
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries.
network
low complexity
xerox CWE-287
7.5
2022-02-06 CVE-2022-22831 Improper Authentication vulnerability in Servisnet Tessa 0.0.2
An issue was discovered in Servisnet Tessa 0.0.2.
network
low complexity
servisnet CWE-287
critical
9.8