PT-2023-1149 · Zoho · Zoho ManageEngine ServiceDesk Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10611; Zoho ManageEngine ServiceDesk Plus versions 13.x prior to 13004. Description: The issue is related to the implementation of the authentication mechanism via the LDAP protocol in th...
PT-2023-1708 · SAP · SAP NetWeaver AS Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50. Description: The issue is related to missing authentication checks in SAP NetWeaver AS for Java, allowing an unauthenticated attacker to attach to an open interface and utilize an open naming and directo...
CVE-2023-22278
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under certain conditions. The attacks exploiting this vulnerability have been...
PT-2023-14216 · Adeel Ahmed · IP Blacklist Cloud
Name of the Vulnerable Software and Affected Versions: Adeel Ahmed's IP Blacklist Cloud plugin versions prior to 5.01. Description: The issue is related to an authentication SQL Injection vulnerability. Recommendations: For versions prior to 5.01, update to version 5.01 or later to resolve the iss...
GitLab 15.4 < 15.4.6 / 15.5 < 15.5.5 / 15.6 < 15.6.1 (CVE-2022-3820)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registrie...
PT-2023-13280 · Google · Android Core
Name of the Vulnerable Software and Affected Versions: Android Core, affected versions not specified. Description: The issue is related to memory corruption in the Android core, caused by improper validation of an array index when returning feature IDs after license authentication. Recommendations:...
Session fixation
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195...
PT-2022-25952 · Huawei · Huawei Band
Name of the Vulnerable Software and Affected Versions: Huawei band products, affected versions not specified. Description: The issue is related to insufficient authentication in some Huawei band products. This could allow an attacker to spoof and then connect to the band. Recommendations: At the...
PT-2022-8577 · Mozilla · VPN
Name of the Vulnerable Software and Affected Versions: Mozilla VPN iOS versions 1.0.7 and earlier; Mozilla VPN Windows versions prior to 1.2.2; Mozilla VPN Android versions 1.1.0 and earlier. Description: An issue existed in the VPN login flow, where an attacker could craft a custom login URL and...
PT-2022-27805 · Huawei · HarmonyOS
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The sensor privacy module has an authentication issue. If exploited, this could make the smartphone's camera and microphone unavailable. Recommendations: At the moment, there is no...
CVE-2022-3999 WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...
CVE-2022-29838 Authentication issue with the encrypted volumes and auto mount feature in My Cloud devices
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linu...
PT-2022-19868 · Western Digital · Western Digital My Cloud
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud versions prior to 5.25.124. Description: The issue is related to an Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices. This vulnerability allows...
CVE-2022-39899
Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows an attacker to send the input event using an S Pen gesture...
CVE-2022-38336
An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication...
PT-2022-26960 · Veeam · Veeam Backup For Google Cloud
Name of the Vulnerable Software and Affected Versions: Veeam Backup for Google Cloud versions 1.0 through 3.0. Description: The issue is related to improper authentication, allowing attackers to bypass authentication mechanisms. This could potentially lead to unauthorized access. Recommendations:...
CVE-2022-38336
CVE-2022-38336 affects Mobatek MobaXterm prior to 22.1. The issue is an access-control flaw that allows attackers to connect to the server via SSH or SFTP without authentication. Public details describe the root cause as auth bypass in the SSH/SFTP handling; impact is high (unauthorized access). ...
CVE-2022-40282
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is...
CVE-2022-44257
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function...
CVE-2022-2166 Improper Restriction of Excessive Authentication Attempts in mastodon/mastodon
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0...