Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-02-06 CVE-2022-24551 Improper Authentication vulnerability in Starwindsoftware NAS and SAN
A flaw was found in StarWind Stack.
network
low complexity
starwindsoftware CWE-287
8.8
2022-02-04 CVE-2021-21965 Improper Authentication vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34
A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc.
network
low complexity
sealevel CWE-287
critical
9.3
2022-02-04 CVE-2021-28503 Improper Authentication vulnerability in Arista EOS
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.
network
low complexity
arista CWE-287
critical
9.8
2022-02-04 CVE-2022-23600 Improper Authentication vulnerability in Fleetdm Fleet
fleet is an open source device management, built on osquery.
network
low complexity
fleetdm CWE-287
6.5
2022-02-04 CVE-2022-24259 Improper Authentication vulnerability in Voipmonitor
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.
network
low complexity
voipmonitor CWE-287
critical
9.8
2022-01-28 CVE-2021-40404 Improper Authentication vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102
An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102.
network
low complexity
reolink CWE-287
6.5
2022-01-25 CVE-2021-3850 Improper Authentication vulnerability in multiple products
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
network
low complexity
adodb-project debian CWE-287
critical
9.1
2022-01-24 CVE-2021-43394 Improper Authentication vulnerability in Unisys Messaging Integration Services
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm.
network
low complexity
unisys CWE-287
critical
9.8
2022-01-24 CVE-2022-23126 Improper Authentication vulnerability in Teslamate Project Teslamate
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route.
network
low complexity
teslamate-project CWE-287
critical
9.8
2022-01-22 CVE-2022-23807 Improper Authentication vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2.
network
low complexity
phpmyadmin CWE-287
4.3