Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-23383 Improper Authentication vulnerability in Yzmcms 6.3
YzmCMS v6.3 is affected by broken access control.
network
low complexity
yzmcms CWE-287
critical
9.1
2022-03-10 CVE-2021-40376 Improper Authentication vulnerability in Otris Update Manager 1.2.1.0
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe.
local
low complexity
otris CWE-287
7.8
2022-03-08 CVE-2021-41181 Improper Authentication vulnerability in Nextcloud Talk
Nextcloud Talk is a self-hosted messaging service.
low complexity
nextcloud CWE-287
2.4
2022-03-07 CVE-2022-24738 Improper Authentication vulnerability in Evmos
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network.
network
high complexity
evmos CWE-287
7.4
2022-03-04 CVE-2022-23729 Improper Authentication vulnerability in Google Android
When the device is in factory state, the shell can be accessed without the adb authentication process.
local
low complexity
google CWE-287
7.8
2022-02-24 CVE-2020-14504 Improper Authentication vulnerability in Rockwellautomation products
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests.
network
low complexity
rockwellautomation CWE-287
5.3
2022-02-18 CVE-2022-24047 Improper Authentication vulnerability in BMC Track-It! 20.21.01.102
This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102.
network
low complexity
bmc CWE-287
critical
9.8
2022-02-18 CVE-2016-2124 Improper Authentication vulnerability in multiple products
A flaw was found in the way Samba implemented SMB1 authentication.
network
high complexity
samba debian fedoraproject redhat canonical CWE-287
5.9
2022-02-15 CVE-2022-23317 Improper Authentication vulnerability in Helpsystems Cobalt Strike
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
network
low complexity
helpsystems CWE-287
7.5
2022-02-14 CVE-2021-4201 Improper Authentication vulnerability in Forgerock Access Management
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions.
network
low complexity
forgerock CWE-287
critical
9.8