Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2021-20429 Incorrect Authorization vulnerability in IBM QRadar User Behavior Analytics 1.0.0/4.1.0
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an overly permissive cross-domain policy.
network
low complexity
ibm CWE-863
5.3
2021-05-13 CVE-2021-31876 Incorrect Authorization vulnerability in Bitcoin
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes.
network
low complexity
bitcoin CWE-863
6.5
2021-05-12 CVE-2020-36289 Incorrect Authorization vulnerability in Atlassian products
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint.
network
low complexity
atlassian CWE-863
5.3
2021-05-10 CVE-2021-20538 Incorrect Authorization vulnerability in IBM Cloud Pak for Security 1.5.0.0/1.5.0.1
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms.
network
low complexity
ibm CWE-863
critical
9.1
2021-05-10 CVE-2021-23015 Incorrect Authorization vulnerability in F5 products
On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints.
network
low complexity
f5 CWE-863
7.2
2021-05-06 CVE-2021-31829 Incorrect Authorization vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a.
local
low complexity
linux fedoraproject debian CWE-863
5.5
2021-05-06 CVE-2021-22209 Incorrect Authorization vulnerability in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8.
network
low complexity
gitlab CWE-863
7.5
2021-05-06 CVE-2021-22211 Incorrect Authorization vulnerability in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.
network
low complexity
gitlab CWE-863
4.3
2021-04-30 CVE-2021-21228 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
network
low complexity
google debian fedoraproject CWE-863
4.3
2021-04-30 CVE-2021-31926 Incorrect Authorization vulnerability in CubeCoders AMP
AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the applicable API endpoint (despite not having permission to make changes to the system's network configuration).
network
low complexity
cubecoders CWE-863
6.5