Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-24 | CVE-2021-30975 | Incorrect Authorization vulnerability in Apple mac OS X and Macos This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. | 8.6 |
2021-08-24 | CVE-2021-30987 | Incorrect Authorization vulnerability in Apple Macos 12.0.0/12.0.1 An access issue was addressed with improved access restrictions. | 5.5 |
2021-08-24 | CVE-2021-26040 | Incorrect Authorization vulnerability in Joomla Joomla! 4.0.0 An issue was discovered in Joomla! 4.0.0. | 6.4 |
2021-08-23 | CVE-2021-22251 | Incorrect Authorization vulnerability in Gitlab Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings | 4.0 |
2021-08-23 | CVE-2021-22253 | Incorrect Authorization vulnerability in Gitlab Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed | 4.9 |
2021-08-19 | CVE-2021-37598 | Incorrect Authorization vulnerability in Wpcerber WP Cerber WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character. | 5.0 |
2021-08-19 | CVE-2021-39138 | Incorrect Authorization vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 6.4 |
2021-08-17 | CVE-2021-0645 | Incorrect Authorization vulnerability in Google Android 11.0 In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. | 6.8 |
2021-08-17 | CVE-2021-32829 | Incorrect Authorization vulnerability in Zstack Rest API ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. | 9.9 |
2021-08-16 | CVE-2020-18701 | Incorrect Authorization vulnerability in Talelin Lin-Cms-Flask 0.1.1 Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. | 9.8 |