Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-19 | CVE-2021-31158 | Incorrect Authorization vulnerability in Couchbase Server In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access. | 4.0 |
2021-05-14 | CVE-2021-20429 | Incorrect Authorization vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an overly permissive cross-domain policy. | 5.0 |
2021-05-14 | CVE-2021-24278 | Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function. | 5.0 |
2021-05-14 | CVE-2021-24279 | Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low-level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository. | 4.0 |
2021-05-14 | CVE-2021-24281 | Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site. | 4.0 |
2021-05-14 | CVE-2021-24282 | Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. | 6.5 |
2021-05-13 | CVE-2021-31876 | Incorrect Authorization vulnerability in Bitcoin Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. | 6.4 |
2021-05-13 | CVE-2021-22155 | Incorrect Authorization vulnerability in Blackberry Workspaces Server An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account. | 6.5 |
2021-05-12 | CVE-2021-3457 | Incorrect Authorization vulnerability in Theforeman Smart Proxy Shell Hooks An improper authorization handling flaw was found in Foreman. | 3.6 |
2021-05-11 | CVE-2021-31165 | Incorrect Authorization vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |