Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Score |
|---|---|---|---|---|---|---|---|---|
| 2021-07-01 | CVE-2021-27661 | Incorrect Authorization vulnerability in Johnsoncontrols F4-Snc Firmware 11 | Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC. | network | low | johnsoncontrols | CWE-863 | 8.8 |
| 2021-06-29 | CVE-2021-22119 | Incorrect Authorization vulnerability in multiple products | Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. | network | low | vmware, oracle | CWE-863 | 7.5 |
| 2021-06-24 | CVE-2021-32716 | Incorrect Authorization vulnerability in Shopware | Shopware is an open source eCommerce platform. | network | low | shopware | CWE-863 | 4.9 |
| 2021-06-24 | CVE-2021-29959 | Incorrect Authorization vulnerability in Mozilla Firefox | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. | network | low | mozilla | CWE-863 | 4.3 |
| 2021-06-24 | CVE-2021-29961 | Incorrect Authorization vulnerability in Mozilla Firefox | When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. | network | low | mozilla | CWE-863 | 4.3 |
| 2021-06-22 | CVE-2021-0571 | Incorrect Authorization vulnerability in Google Android 11.0 | In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. | local | low | google | CWE-863 | 7.8 |
| 2021-06-21 | CVE-2020-20471 | Incorrect Authorization vulnerability in White Shark Systems Project White Shark Systems 1.3.2 | White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php; remote attackers can exploit this vulnerability to escalate to admin privileges. | network | low | white-shark-systems-project | CWE-863 | 8.8 |
| 2021-06-21 | CVE-2020-20466 | Incorrect Authorization vulnerability in White Shark Systems Project White Shark Systems 1.3.2 | White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php; remote attackers can modify the password of any user. | network | low | white-shark-systems-project | CWE-863 | 9.8 (critical) |
| 2021-06-14 | CVE-2021-26845 | Incorrect Authorization vulnerability in Hitachienergy Esoms | Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows an unauthorized user to gain access to report data if the URL used to access the report is discovered. | network | low | hitachienergy | CWE-863 | 7.5 |
| 2021-06-11 | CVE-2021-0472 | Incorrect Authorization vulnerability in Google Android 10.0/11.0/9.0 | In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. | local | low | google | CWE-863 | 7.8 |