Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-29 | CVE-2021-24842 | Incorrect Authorization vulnerability in Bulk Datetime Change Project Bulk Datetime Change The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts. | 5.4 |
| 2021-11-19 | CVE-2021-22966 | Incorrect Authorization vulnerability in Concretecms Concrete CMS Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. | 8.8 |
| 2021-11-19 | CVE-2021-39234 | Incorrect Authorization vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL. | 6.8 |
| 2021-11-17 | CVE-2021-43553 | Incorrect Authorization vulnerability in Osisoft PI Vision 2017/2019/2020 PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. | 4.3 |
| 2021-11-15 | CVE-2021-41244 | Incorrect Authorization vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 7.2 |
| 2021-11-12 | CVE-2021-3577 | Incorrect Authorization vulnerability in Binatoneglobal products An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. | 8.8 |
| 2021-11-12 | CVE-2021-1903 | Incorrect Authorization vulnerability in Qualcomm products Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 5.3 |
| 2021-11-10 | CVE-2021-40504 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions. | 4.9 |
| 2021-11-09 | CVE-2021-20119 | Incorrect Authorization vulnerability in Commscope Arris Surfboard Sb8200 Firmware Ab01.02.053.01112320193.0A.Nsh The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. | 7.1 |
| 2021-11-09 | CVE-2021-42025 | Incorrect Authorization vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). | 6.5 |