Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-06-22 CVE-2021-32701 Incorrect Authorization vulnerability in ORY Oathkeeper
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules.
network
ory CWE-863
4.3
2021-06-22 CVE-2010-2525 Incorrect Authorization vulnerability in Linux Kernel 2.6.33
A flaw was discovered in gfs2 file system’s handling of acls (access control lists).
local
low complexity
linux CWE-863
7.2
2021-06-21 CVE-2010-1435 Incorrect Authorization vulnerability in Joomla Joomla!
Joomla! Core is prone to a security bypass vulnerability.
network
low complexity
joomla CWE-863
7.5
2021-06-21 CVE-2021-24379 Incorrect Authorization vulnerability in Wphappycoders Comments Like Dislike
The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like.
network
low complexity
wphappycoders CWE-863
5.0
2021-06-21 CVE-2020-20471 Incorrect Authorization vulnerability in White Shark Systems Project White Shark Systems 1.3.2
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.
network
low complexity
white-shark-systems-project CWE-863
critical
9.0
2021-06-21 CVE-2020-20466 Incorrect Authorization vulnerability in White Shark Systems Project White Shark Systems 1.3.2
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.
network
low complexity
white-shark-systems-project CWE-863
7.5
2021-06-14 CVE-2021-26845 Incorrect Authorization vulnerability in Hitachienergy Esoms
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered.
network
low complexity
hitachienergy CWE-863
7.5
2021-06-11 CVE-2021-0472 Incorrect Authorization vulnerability in Google Android 10.0/11.0/9.0
In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass.
local
low complexity
google CWE-863
4.6
2021-06-11 CVE-2021-25406 Incorrect Authorization vulnerability in Samsung Gear S
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.
low complexity
samsung CWE-863
3.3
2021-06-11 CVE-2021-25410 Incorrect Authorization vulnerability in Google Android 11.0
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.
local
low complexity
google CWE-863
3.6