Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-25484 | Improper Authentication vulnerability in Google Android 10.0/11.0/8.1 Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. | 3.3 |
| 2021-10-06 | CVE-2021-0595 | Improper Authentication vulnerability in Google Android In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. | 7.8 |
| 2021-10-05 | CVE-2021-41286 | Improper Authentication vulnerability in Omikron Multicash 4.00.008 Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. | 7.8 |
| 2021-10-05 | CVE-2021-39872 | Improper Authentication vulnerability in Gitlab In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration. | 6.5 |
| 2021-10-04 | CVE-2021-23857 | Improper Authentication vulnerability in Bosch products Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. | 9.8 |
| 2021-10-04 | CVE-2021-35296 | Improper Authentication vulnerability in Ptcl Hg150-Ub Firmware 3.0 An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. | 9.8 |
| 2021-09-30 | CVE-2021-20578 | Improper Authentication vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0 IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. | 9.8 |
| 2021-09-30 | CVE-2021-24017 | Improper Authentication vulnerability in Fortinet Fortimanager An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. | 4.3 |
| 2021-09-30 | CVE-2021-41292 | Improper Authentication vulnerability in Ecoa products ECOA BAS controller suffers from an authentication bypass vulnerability. | 9.1 |
| 2021-09-29 | CVE-2021-35943 | Improper Authentication vulnerability in Couchbase Server Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. | 9.8 |