Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-20 | CVE-2019-16651 | Incorrect Authorization vulnerability in Virginmedia Super HUB 3 Firmware An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. | 5.3 |
| 2021-09-15 | CVE-2021-40639 | Incorrect Authorization vulnerability in Jflyfox Jfinal CMS 5.1.0 Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. | 7.5 |
| 2021-09-15 | CVE-2020-21124 | Incorrect Authorization vulnerability in Ureport Project Ureport 2.2.9 UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. | 9.8 |
| 2021-09-09 | CVE-2021-28911 | Incorrect Authorization vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3 BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. | 9.8 |
| 2021-09-09 | CVE-2021-22239 | Incorrect Authorization vulnerability in Gitlab An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. | 4.3 |
| 2021-09-08 | CVE-2021-28567 | Incorrect Authorization vulnerability in Magento Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. | 6.5 |
| 2021-09-08 | CVE-2021-35526 | Incorrect Authorization vulnerability in Hitachiabb-Powergrids Sdm600 Firmware Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. | 7.8 |
| 2021-09-08 | CVE-2021-1854 | Incorrect Authorization vulnerability in Apple Iphone OS A call termination issue with was addressed with improved logic. | 4.3 |
| 2021-09-07 | CVE-2020-19765 | Incorrect Authorization vulnerability in Proofofdiligencetoken Project Proofofdiligencetoken 1.0 An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. | 7.5 |
| 2021-09-07 | CVE-2021-35949 | Incorrect Authorization vulnerability in Owncloud The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. | 5.3 |