Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-24 | CVE-2021-22869 | Improper Authentication vulnerability in Github Enterprise Server An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. | 9.8 |
| 2021-09-21 | CVE-2021-31917 | Improper Authentication vulnerability in multiple products A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). | 9.8 |
| 2021-09-17 | CVE-2021-41317 | Improper Authentication vulnerability in XSS Hunter Express Project XSS Hunter Express XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. | 9.8 |
| 2021-09-15 | CVE-2021-33044 | Improper Authentication vulnerability in Dahuasecurity products The identity authentication bypass vulnerability found in some Dahua products during the login process. | 9.8 |
| 2021-09-15 | CVE-2021-33045 | Improper Authentication vulnerability in Dahuasecurity products The identity authentication bypass vulnerability found in some Dahua products during the login process. | 9.8 |
| 2021-09-15 | CVE-2021-33700 | Improper Authentication vulnerability in SAP Business ONE 10.0 SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. | 7.8 |
| 2021-09-10 | CVE-2021-3145 | Improper Authentication vulnerability in Ionic Identity Vault In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication. | 6.7 |
| 2021-09-10 | CVE-2021-37414 | Improper Authentication vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | 7.5 |
| 2021-09-09 | CVE-2021-25451 | Improper Authentication vulnerability in Google Android 10.0/11.0/9.0 A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. | 3.3 |
| 2021-09-09 | CVE-2021-25466 | Improper Authentication vulnerability in Samsung Internet Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. | 5.9 |