Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-02-26 CVE-2021-21308 PrestaShop is a fully scalable open source e-commerce solution. 0.0
2021-02-19 CVE-2021-3339 Improper Authentication vulnerability in Microsoft Modernflow
ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.
network
low complexity
microsoft CWE-287
4.0
2021-02-19 CVE-2020-10254 Improper Authentication vulnerability in Owncloud
An issue was discovered in ownCloud before 10.4.
network
owncloud CWE-287
4.3
2021-02-17 CVE-2021-26697 Improper Authentication vulnerability in Apache Airflow 2.0.0
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0.
network
low complexity
apache CWE-287
5.0
2021-02-17 CVE-2021-22858 Improper Authentication vulnerability in Changjia Property Management System Project Changjia Property Management System 1.00
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.
6.5
2021-02-12 CVE-2020-27866 Improper Authentication vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers.
low complexity
netgear CWE-287
8.3
2021-02-12 CVE-2020-27865 Improper Authentication vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders.
low complexity
dlink CWE-287
8.3
2021-02-12 CVE-2020-27863 Improper Authentication vulnerability in Dlink Dsl-2888A Firmware and Dva-2800 Firmware
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers.
low complexity
dlink CWE-287
3.3
2021-02-11 CVE-2020-13185 Improper Authentication vulnerability in Teradici Cloud Access Connector
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
network
teradici CWE-287
4.3
2021-02-10 CVE-2021-27173 Improper Authentication vulnerability in Fiberhome Hg6245D Firmware
An issue was discovered on FiberHome HG6245D devices through RP2613.
network
low complexity
fiberhome CWE-287
5.0