Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-02-14 CVE-2022-24976 Improper Authentication vulnerability in Atheme
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
network
low complexity
atheme CWE-287
critical
9.1
2022-02-11 CVE-2021-38679 Improper Authentication vulnerability in Qnap Kazoo Server 4.10.12/4.10.9/4.11.20
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server.
network
low complexity
qnap CWE-287
critical
9.8
2022-02-11 CVE-2021-30317 Improper Authentication vulnerability in Qualcomm products
Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-287
7.8
2022-02-09 CVE-2021-45331 Improper Authentication vulnerability in Gitea
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges.
network
low complexity
gitea CWE-287
critical
9.8
2022-02-07 CVE-2022-23320 Improper Authentication vulnerability in Xerox Xmpie Ustore 12.3.7244.0
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries.
network
low complexity
xerox CWE-287
7.5
2022-02-06 CVE-2022-22831 Improper Authentication vulnerability in Servisnet Tessa 0.0.2
An issue was discovered in Servisnet Tessa 0.0.2.
network
low complexity
servisnet CWE-287
critical
9.8
2022-02-06 CVE-2022-24551 Improper Authentication vulnerability in Starwindsoftware NAS and SAN
A flaw was found in StarWind Stack.
network
low complexity
starwindsoftware CWE-287
8.8
2022-02-04 CVE-2021-21965 Improper Authentication vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34
A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc.
network
low complexity
sealevel CWE-287
critical
9.3
2022-02-04 CVE-2021-28503 Improper Authentication vulnerability in Arista EOS
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.
network
low complexity
arista CWE-287
critical
9.8
2022-02-04 CVE-2022-23600 Improper Authentication vulnerability in Fleetdm Fleet
fleet is an open source device management, built on osquery.
network
low complexity
fleetdm CWE-287
6.5