Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2021-24244 | An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email). | 0.0 |
| 2021-04-30 | CVE-2021-21228 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 4.3 |
| 2021-04-26 | CVE-2021-20712 | Incorrect Authorization vulnerability in NEC Aterm Wg2600Hs Firmware and Aterm Wx3000Hp Firmware Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall function. | 5.0 |
| 2021-04-26 | CVE-2021-20694 | Incorrect Authorization vulnerability in Dlink Dap-1880Ac Firmware Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors. | 6.5 |
| 2021-04-26 | CVE-2021-20693 | Incorrect Authorization vulnerability in Gurunavi Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 5.0 |
| 2021-04-23 | CVE-2021-29158 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.25.1 Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. | 4.0 |
| 2021-04-23 | CVE-2021-25382 | Incorrect Authorization vulnerability in Google Android An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. | 3.6 |
| 2021-04-22 | CVE-2021-0260 | Incorrect Authorization vulnerability in Juniper Junos 17.2/17.3/17.4 An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication. | 7.5 |
| 2021-04-21 | CVE-2021-1076 | Incorrect Authorization vulnerability in Nvidia GPU Display Driver NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. | 4.6 |
| 2021-04-21 | CVE-2021-21643 | Incorrect Authorization vulnerability in Jenkins Config File Provider Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. | 4.0 |