Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-24 | CVE-2021-20835 | Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained. | 5.0 |
| 2021-11-24 | CVE-2021-20841 | Incorrect Authorization vulnerability in Ec-Cube Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors. | 4.0 |
| 2021-11-23 | CVE-2021-36311 | Incorrect Authorization vulnerability in Dell EMC Networker Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. | 4.6 |
| 2021-11-19 | CVE-2021-39232 | Incorrect Authorization vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. | 6.5 |
| 2021-11-19 | CVE-2021-39233 | Incorrect Authorization vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. | 6.4 |
| 2021-11-19 | CVE-2021-39234 | Incorrect Authorization vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL. | 4.9 |
| 2021-11-18 | CVE-2021-35534 | Incorrect Authorization vulnerability in Hitachi products Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. | 9.0 |
| 2021-11-18 | CVE-2021-36909 | Incorrect Authorization vulnerability in Webfactoryltd WP Reset PRO Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. | 5.5 |
| 2021-11-17 | CVE-2021-0110 | Incorrect Authorization vulnerability in Intel Thunderbolt DCH Driver Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow unauthenticated user to potentially enable denial of service via local access. | 2.1 |
| 2021-11-17 | CVE-2021-0151 | Incorrect Authorization vulnerability in Intel products Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |