Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-23383 | Improper Authentication vulnerability in Yzmcms 6.3 YzmCMS v6.3 is affected by broken access control. | 9.1 |
| 2022-03-10 | CVE-2021-40376 | Improper Authentication vulnerability in Otris Update Manager 1.2.1.0 otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. | 7.8 |
| 2022-03-08 | CVE-2021-41181 | Improper Authentication vulnerability in Nextcloud Talk Nextcloud talk is a self hosting messaging service. | 2.4 |
| 2022-03-07 | CVE-2022-24738 | Improper Authentication vulnerability in Evmos Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. | 7.4 |
| 2022-03-04 | CVE-2022-23729 | Improper Authentication vulnerability in Google Android When the device is in factory state, it can be access the shell without adb authentication process. | 7.8 |
| 2022-02-24 | CVE-2020-14504 | Improper Authentication vulnerability in Rockwellautomation products The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. | 5.3 |
| 2022-02-18 | CVE-2022-24047 | Improper Authentication vulnerability in BMC Track-It! 20.21.01.102 This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. | 9.8 |
| 2022-02-18 | CVE-2016-2124 | Improper Authentication vulnerability in multiple products A flaw was found in the way samba implemented SMB1 authentication. | 5.9 |
| 2022-02-15 | CVE-2022-23317 | Improper Authentication vulnerability in Helpsystems Cobalt Strike CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. | 7.5 |
| 2022-02-14 | CVE-2021-4201 | Improper Authentication vulnerability in Forgerock Access Management Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. | 9.8 |