Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-15 | CVE-2020-21124 | Incorrect Authorization vulnerability in Ureport Project Ureport 2.2.9: UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. | 9.8 |
2021-09-09 | CVE-2021-39206 | Incorrect Authorization vulnerability in multiple products: Pomerium is an open source identity-aware access proxy. | 8.6 |
2021-09-09 | CVE-2021-28911 | Incorrect Authorization vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3: BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to the /tmp path, which contains some sensitive data (e.g. | 9.8 |
2021-09-09 | CVE-2021-22239 | Incorrect Authorization vulnerability in Gitlab: An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later. | 4.3 |
2021-09-08 | CVE-2021-28567 | Incorrect Authorization vulnerability in Magento: Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. | 6.5 |
2021-09-08 | CVE-2021-35526 | Incorrect Authorization vulnerability in Hitachiabb-Powergrids Sdm600 Firmware: A backup file without encryption vulnerability found in Hitachi ABB Power Grids System Data Manager – SDM600 allows an attacker to gain access to sensitive information. | 7.8 |
2021-09-08 | CVE-2021-1854 | Incorrect Authorization vulnerability in Apple Iphone OS: A call termination issue was addressed with improved logic. | 4.3 |
2021-09-07 | CVE-2020-19765 | Incorrect Authorization vulnerability in Proofofdiligencetoken Project Proofofdiligencetoken 1.0: An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. | 7.5 |
2021-09-07 | CVE-2021-35949 | Incorrect Authorization vulnerability in Owncloud: The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload-only shares and list metadata about the share. | 5.3 |
2021-09-02 | CVE-2021-38312 | Incorrect Authorization vulnerability in Redux Gutenberg Template Library & Redux Framework: The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. | 6.5 |