Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-23 | CVE-2021-22251 | Incorrect Authorization vulnerability in Gitlab Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings | 4.3 |
| 2021-08-23 | CVE-2021-22253 | Incorrect Authorization vulnerability in Gitlab Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed | 5.4 |
| 2021-08-19 | CVE-2021-37598 | Incorrect Authorization vulnerability in Wpcerber WP Cerber WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character. | 5.3 |
| 2021-08-19 | CVE-2021-39138 | Incorrect Authorization vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 6.5 |
| 2021-08-17 | CVE-2021-0645 | Incorrect Authorization vulnerability in Google Android 11.0 In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. | 7.8 |
| 2021-08-17 | CVE-2021-32829 | Incorrect Authorization vulnerability in Zstack Rest API ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. | 9.9 |
| 2021-08-16 | CVE-2020-18701 | Incorrect Authorization vulnerability in Talelin Lin-Cms-Flask 0.1.1 Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. | 9.8 |
| 2021-08-13 | CVE-2021-37705 | Incorrect Authorization vulnerability in Microsoft Onefuzz OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. | 10.0 |
| 2021-08-12 | CVE-2021-27793 | Incorrect Authorization vulnerability in Broadcom Fabric Operating System ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch. | 5.3 |
| 2021-08-11 | CVE-2020-25564 | Incorrect Authorization vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature. | 8.8 |