Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-01-20 CVE-2021-44736 Improper Authentication vulnerability in Lexmark Mc3224I Firmware
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.
network
low complexity
lexmark CWE-287
critical
9.8
2022-01-18 CVE-2022-21692 Improper Authentication vulnerability in Onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.
network
low complexity
onionshare CWE-287
4.3
2022-01-18 CVE-2022-21695 Improper Authentication vulnerability in Onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.
network
low complexity
onionshare CWE-287
5.3
2022-01-15 CVE-2022-23178 Improper Authentication vulnerability in Crestron Hd-Md4X2-4K-E Firmware 1.0.0.2159
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices.
network
low complexity
crestron CWE-287
critical
9.8
2022-01-13 CVE-2021-34977 Improper Authentication vulnerability in Netgear R7000 Firmware 1.0.11.11610.2.100
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers.
low complexity
netgear CWE-287
8.8
2022-01-13 CVE-2021-34993 Improper Authentication vulnerability in Commvault Commcell 11.22.22
This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22.
network
low complexity
commvault CWE-287
critical
9.8
2022-01-13 CVE-2021-33046 Improper Authentication vulnerability in Dahuasecurity products
Some Dahua products have access control vulnerability in the password reset process.
network
low complexity
dahuasecurity CWE-287
critical
9.8
2022-01-13 CVE-2022-21684 Improper Authentication vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-287
8.8
2022-01-13 CVE-2022-23134 Improper Authentication vulnerability in multiple products
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well.
network
low complexity
zabbix fedoraproject debian CWE-287
5.3
2022-01-11 CVE-2021-43999 Improper Authentication vulnerability in Apache Guacamole 1.2.0/1.3.0
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider.
network
low complexity
apache CWE-287
8.8