Vulnerabilities > Improper Authorization
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2021-07-19 | CVE-2021-35964 | Improper Authorization vulnerability in Learningdigital Orca HCM | The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in the system, thus causing users to fail to access the learning content. | 7.5 |
| 2021-07-07 | CVE-2021-32523 | Improper Authorization vulnerability in Qsan Storage Manager | Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. | 6.5 |
| 2021-06-28 | CVE-2021-28563 | Improper Authorization vulnerability in Magento | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. | 6.4 |
| 2021-06-07 | CVE-2020-25716 | Improper Authorization vulnerability in Redhat Cloudforms | A flaw was found in Cloudforms. | 5.5 |
| 2021-06-07 | CVE-2020-1690 | Improper Authorization vulnerability in Redhat Openstack-Selinux and Openstack Platform | An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. | 4.9 |
| 2021-05-28 | CVE-2021-32619 | Improper Authorization vulnerability in Deno | | 7.5 |
| 2021-05-28 | CVE-2021-32620 | Improper Authorization vulnerability in Xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.0 |
| 2021-05-27 | CVE-2020-10716 | Improper Authorization vulnerability in multiple products | A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. | 4.0 |
| 2021-05-14 | CVE-2021-24188 | Improper Authorization vulnerability in Wp-Buy WP Content Copy Protection & NO Right Click | Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate an arbitrary plugin from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | 6.5 |
| 2021-05-14 | CVE-2021-24190 | Improper Authorization vulnerability in Wp-Buy Conditional Marketing Mailer | Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate an arbitrary plugin from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | 6.5 |