Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-06-11 CVE-2021-25424 Improper Authentication vulnerability in Samsung products
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows a Bluetooth attacker to take over the user's Bluetooth device without user awareness.
low complexity
samsung CWE-287
8.8
2021-06-10 CVE-2021-34546 Improper Authentication vulnerability in Netsetman
An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature.
low complexity
netsetman CWE-287
6.8
2021-06-09 CVE-2020-24514 Improper Authentication vulnerability in Intel products
Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
low complexity
intel CWE-287
6.8
2021-06-08 CVE-2020-26136 Improper Authentication vulnerability in Silverstripe
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
network
low complexity
silverstripe CWE-287
6.5
2021-06-04 CVE-2021-31251 Improper Authentication vulnerability in Chiyu-Tech products
An authentication bypass in the telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request; an attacker may force the remote telnet server to believe that the user has already authenticated.
network
low complexity
chiyu-tech CWE-287
critical
9.8
2021-06-04 CVE-2020-15077 Improper Authentication vulnerability in Openvpn Access Server
OpenVPN Access Server 2.8.7 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
network
high complexity
openvpn CWE-287
5.3
2021-05-28 CVE-2021-20278 Improper Authentication vulnerability in Kiali
An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used.
network
low complexity
kiali CWE-287
6.5
2021-05-26 CVE-2018-16496 Improper Authentication vulnerability in Versa-Networks Versa Director
In Versa Director, the un-authentication request found.
network
low complexity
versa-networks CWE-287
5.3
2021-05-26 CVE-2021-31924 Improper Authentication vulnerability in multiple products
Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass.
low complexity
yubico fedoraproject CWE-287
6.8
2021-05-24 CVE-2020-26557 Improper Authentication vulnerability in Bluetooth Mesh Profile 1.0.0/1.0.1
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).
high complexity
bluetooth CWE-287
7.5