Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-07-15 CVE-2021-34690 Improper Authentication vulnerability in Idrive Remotepc
iDrive RemotePC before 7.6.48 on Windows allows authentication bypass.
network
low complexity
idrive CWE-287
critical
9.8
2021-07-13 CVE-2021-21994 Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability.
network
low complexity
vmware CWE-287
critical
9.8
2021-07-13 CVE-2021-20593 Improper Authentication vulnerability in Mitsubishi products
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver.
network
low complexity
mitsubishi CWE-287
7.1
2021-07-12 CVE-2020-19037 Improper Authentication vulnerability in Halo 0.4.3
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
network
low complexity
halo CWE-287
5.3
2021-07-12 CVE-2021-26088 Improper Authentication vulnerability in Fortinet Single Sign-On
An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.
low complexity
fortinet CWE-287
critical
9.6
2021-07-08 CVE-2021-25430 Improper Authentication vulnerability in Google Android
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
low complexity
google CWE-287
4.3
2021-07-08 CVE-2021-25442 Improper Authentication vulnerability in Samsung Knox Cloud Services
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
network
low complexity
samsung CWE-287
7.5
2021-07-07 CVE-2021-20776 Improper Authentication vulnerability in A-Stage-Inc At-40Cm01Sr Firmware and Sct-40Cm01Sr Firmware
Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.
network
low complexity
a-stage-inc CWE-287
critical
9.8
2021-07-02 CVE-2021-35029 Improper Authentication vulnerability in Zyxel products
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
network
low complexity
zyxel CWE-287
critical
9.8
2021-06-30 CVE-2021-30648 Improper Authentication vulnerability in Broadcom products
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability.
network
low complexity
broadcom CWE-287
critical
9.8