Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-18 | CVE-2021-24148 | Improper Authentication vulnerability in Inspireui Mstore API A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. | 9.8 |
| 2021-03-17 | CVE-2021-22860 | Improper Authentication vulnerability in EIC E-Document System 2.9/3.0.2 EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. | 9.8 |
| 2021-03-13 | CVE-2021-20018 | Improper Authentication vulnerability in Sonicwall Sma100 Firmware 10.2.0.0/10.2.0.220Sv/10.2.0.5 A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. | 4.9 |
| 2021-03-11 | CVE-2021-21378 | Improper Authentication vulnerability in Envoyproxy Envoy 1.17.0 Envoy is a cloud-native high-performance edge/middle/service proxy. | 8.2 |
| 2021-03-10 | CVE-2020-35231 | Improper Authentication vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. | 8.8 |
| 2021-03-05 | CVE-2020-28050 | Improper Authentication vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. | 9.1 |
| 2021-03-05 | CVE-2020-5148 | Improper Authentication vulnerability in Sonicwall Directory Services Connector SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | 8.2 |
| 2021-03-04 | CVE-2021-25343 | Improper Authentication vulnerability in Samsung Members 2.4.81.13/2.4.85.11 Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. | 3.3 |
| 2021-03-04 | CVE-2021-25342 | Improper Authentication vulnerability in Samsung Members 2.4.81.13/2.4.85.11 Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. | 3.3 |
| 2021-03-04 | CVE-2021-25341 | Improper Authentication vulnerability in Samsung S Assistant Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. | 3.3 |