Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-09-24 CVE-2021-22869 Improper Authentication vulnerability in GitHub Enterprise Server
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to.
network
low complexity
github CWE-287
critical
9.8
2021-09-21 CVE-2021-31917 Improper Authentication vulnerability in multiple products
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0).
network
low complexity
redhat infinispan CWE-287
critical
9.8
2021-09-17 CVE-2021-41317 Improper Authentication vulnerability in XSS Hunter Express Project XSS Hunter Express
XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.
network
low complexity
xss-hunter-express-project CWE-287
critical
9.8
2021-09-15 CVE-2021-33044 Improper Authentication vulnerability in Dahuasecurity products
An identity authentication bypass vulnerability was found in some Dahua products during the login process.
network
low complexity
dahuasecurity CWE-287
critical
9.8
2021-09-15 CVE-2021-33045 Improper Authentication vulnerability in Dahuasecurity products
An identity authentication bypass vulnerability was found in some Dahua products during the login process.
network
low complexity
dahuasecurity CWE-287
critical
9.8
2021-09-15 CVE-2021-33700 Improper Authentication vulnerability in SAP Business ONE 10.0
SAP Business One, version 10.0, allows a local attacker with access to the victim's browser, under certain circumstances, to log in as the victim without knowing his/her password.
local
low complexity
sap CWE-287
7.8
2021-09-10 CVE-2021-3145 Improper Authentication vulnerability in Ionic Identity Vault
In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication.
local
low complexity
ionic CWE-287
6.7
2021-09-10 CVE-2021-37414 Improper Authentication vulnerability in Zohocorp ManageEngine Desktop Central
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
network
low complexity
zohocorp CWE-287
7.5
2021-09-09 CVE-2021-25451 Improper Authentication vulnerability in Google Android 10.0/11.0/9.0
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
local
low complexity
google CWE-287
3.3
2021-09-09 CVE-2021-25466 Improper Authentication vulnerability in Samsung Internet
Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform a man-in-the-middle attack and obtain a Samsung Account token.
network
high complexity
samsung CWE-287
5.9