Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-03 | CVE-2021-3469 | Incorrect Authorization vulnerability in Theforeman Foreman Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. | 3.5 |
2021-06-03 | CVE-2021-32460 | Incorrect Authorization vulnerability in Trendmicro Maximum Security 2021 17.0 The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. | 7.2 |
2021-06-02 | CVE-2021-3499 | Incorrect Authorization vulnerability in OVN Ovn-Kubernetes 0.1.0/0.2.0/0.3.0 A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. | 5.6 |
2021-05-28 | CVE-2021-32619 | Incorrect Authorization vulnerability in Deno Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. | 7.5 |
2021-05-28 | CVE-2021-32620 | Incorrect Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.0 |
2021-05-28 | CVE-2021-29628 | Incorrect Authorization vulnerability in Freebsd 12.2/13.0 In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. | 5.0 |
2021-05-28 | CVE-2020-1729 | Incorrect Authorization vulnerability in Redhat Smallrye Config A flaw was found in SmallRye's API through version 1.6.1. | 2.1 |
2021-05-24 | CVE-2020-26555 | Incorrect Authorization vulnerability in multiple products Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. | 5.4 |
2021-05-24 | CVE-2020-26559 | Incorrect Authorization vulnerability in Bluetooth Mesh Profile 1.0.0/1.0.1 Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. | 5.8 |
2021-05-24 | CVE-2020-26560 | Incorrect Authorization vulnerability in Bluetooth Mesh Profile 1.0.0/1.0.1 Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey. | 4.8 |