Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-24244 An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email). 0.0
2021-04-30 CVE-2021-21228 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
4.3
2021-04-26 CVE-2021-20712 Incorrect Authorization vulnerability in NEC Aterm Wg2600Hs Firmware and Aterm Wx3000Hp Firmware
Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall function.
network
low complexity
nec CWE-863
5.0
2021-04-26 CVE-2021-20694 Incorrect Authorization vulnerability in Dlink Dap-1880Ac Firmware
Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors.
network
low complexity
dlink CWE-863
6.5
2021-04-26 CVE-2021-20693 Incorrect Authorization vulnerability in Gurunavi
Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
network
low complexity
gurunavi CWE-863
5.0
2021-04-23 CVE-2021-29158 Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.25.1
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
network
low complexity
sonatype CWE-863
4.0
2021-04-23 CVE-2021-25382 Incorrect Authorization vulnerability in Google Android
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.
local
low complexity
google CWE-863
3.6
2021-04-22 CVE-2021-0260 Incorrect Authorization vulnerability in Juniper Junos 17.2/17.3/17.4
An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication.
network
low complexity
juniper CWE-863
7.5
2021-04-21 CVE-2021-1076 Incorrect Authorization vulnerability in Nvidia GPU Display Driver
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
local
low complexity
nvidia CWE-863
4.6
2021-04-21 CVE-2021-21643 Incorrect Authorization vulnerability in Jenkins Config File Provider
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-863
4.0