Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-14 | CVE-2021-45347 | Improper Authentication vulnerability in Zzcms 8.2 An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. | 7.5 |
| 2022-02-14 | CVE-2022-24976 | Improper Authentication vulnerability in Atheme Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence. | 9.1 |
| 2022-02-11 | CVE-2021-38679 | Improper Authentication vulnerability in Qnap Kazoo Server 4.10.12/4.10.9/4.11.20 An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. | 9.8 |
| 2022-02-11 | CVE-2021-30317 | Improper Authentication vulnerability in Qualcomm products Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.8 |
| 2022-02-09 | CVE-2021-45331 | Improper Authentication vulnerability in Gitea An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. | 9.8 |
| 2022-02-07 | CVE-2022-23320 | Improper Authentication vulnerability in Xerox Xmpie Ustore 12.3.7244.0 XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. | 7.5 |
| 2022-02-06 | CVE-2022-22831 | Improper Authentication vulnerability in Servisnet Tessa 0.0.2 An issue was discovered in Servisnet Tessa 0.0.2. | 9.8 |
| 2022-02-06 | CVE-2022-24551 | Improper Authentication vulnerability in Starwindsoftware NAS and SAN A flaw was found in StarWind Stack. | 8.8 |
| 2022-02-04 | CVE-2021-21965 | Improper Authentication vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. | 9.3 |
| 2022-02-04 | CVE-2021-28503 | Improper Authentication vulnerability in Arista EOS The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | 9.8 |