Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-12 | CVE-2021-1903 | Incorrect Authorization vulnerability in Qualcomm products Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 5.0 |
| 2021-11-10 | CVE-2021-40504 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions. | 4.9 |
| 2021-11-09 | CVE-2021-20119 | Incorrect Authorization vulnerability in Commscope Arris Surfboard Sb8200 Firmware Ab01.02.053.01112320193.0A.Nsh The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. | 4.9 |
| 2021-11-09 | CVE-2021-42025 | Incorrect Authorization vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). | 6.8 |
| 2021-11-09 | CVE-2021-42026 | Incorrect Authorization vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). | 4.0 |
| 2021-11-08 | CVE-2021-24783 | Incorrect Authorization vulnerability in Publishpress Post Expirator The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. | 4.0 |
| 2021-11-08 | CVE-2021-22051 | Incorrect Authorization vulnerability in VMWare Spring Cloud Gateway Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. | 4.0 |
| 2021-11-05 | CVE-2021-41230 | Incorrect Authorization vulnerability in Pomerium Pomerium is an open source identity-aware access proxy. | 6.5 |
| 2021-11-05 | CVE-2021-25506 | Incorrect Authorization vulnerability in Samsung Health Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. | 2.1 |
| 2021-11-05 | CVE-2021-39904 | Incorrect Authorization vulnerability in Gitlab An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request | 4.3 |