Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-05 | CVE-2020-5148 | Improper Authentication vulnerability in Sonicwall Directory Services Connector SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | 8.2 |
| 2021-03-04 | CVE-2021-25343 | Improper Authentication vulnerability in Samsung Members 2.4.81.13/2.4.85.11 Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. | 3.3 |
| 2021-03-04 | CVE-2021-25342 | Improper Authentication vulnerability in Samsung Members 2.4.81.13/2.4.85.11 Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. | 3.3 |
| 2021-03-04 | CVE-2021-25341 | Improper Authentication vulnerability in Samsung S Assistant Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. | 3.3 |
| 2021-03-02 | CVE-2021-21513 | Improper Authentication vulnerability in Dell Openmanage Server Administrator Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. | 9.8 |
| 2021-03-01 | CVE-2021-3332 | Improper Authentication vulnerability in Wpserveur WPS Hide Login 1.6.1 WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. | 5.3 |
| 2021-02-27 | CVE-2021-25281 | Improper Authentication vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-26 | CVE-2020-26200 | Improper Authentication vulnerability in Kaspersky Endpoint Security and Rescue Disk A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. | 6.8 |
| 2021-02-19 | CVE-2021-3339 | Improper Authentication vulnerability in Microsoft Modernflow ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. | 4.3 |
| 2021-02-19 | CVE-2020-10254 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 5.9 |