Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-29961 Incorrect Authorization vulnerability in Mozilla Firefox
When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface.
network
low complexity
mozilla CWE-863
4.3
2021-06-22 CVE-2021-0571 Incorrect Authorization vulnerability in Google Android 11.0
In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass.
local
low complexity
google CWE-863
7.8
2021-06-21 CVE-2020-20471 Incorrect Authorization vulnerability in White Shark Systems Project White Shark Systems 1.3.2
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php; remote attackers can exploit this vulnerability to escalate to admin privileges.
network
low complexity
white-shark-systems-project CWE-863
8.8
2021-06-21 CVE-2020-20466 Incorrect Authorization vulnerability in White Shark Systems Project White Shark Systems 1.3.2
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php; remote attackers can modify the password of any user.
network
low complexity
white-shark-systems-project CWE-863
critical
9.8
2021-06-14 CVE-2021-26845 Incorrect Authorization vulnerability in Hitachienergy Esoms
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows an unauthorized user to gain access to report data if the URL used to access the report is discovered.
network
low complexity
hitachienergy CWE-863
7.5
2021-06-11 CVE-2021-0472 Incorrect Authorization vulnerability in Google Android 10.0/11.0/9.0
In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass.
local
low complexity
google CWE-863
7.8
2021-06-11 CVE-2021-25406 Incorrect Authorization vulnerability in Samsung Gear S
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows untrusted applications to access connected BT device information.
low complexity
samsung CWE-863
6.5
2021-06-11 CVE-2021-25410 Incorrect Authorization vulnerability in Google Android 11.0
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.
local
low complexity
google CWE-863
7.1
2021-06-11 CVE-2021-25418 Incorrect Authorization vulnerability in Samsung Internet 13.2.1.46/13.2.1.70/14.0.1.20
Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in a specific condition.
local
low complexity
samsung CWE-863
7.8
2021-06-10 CVE-2021-21664 Incorrect Authorization vulnerability in Jenkins Xebialabs XL Deploy
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
network
low complexity
jenkins CWE-863
6.5