Vulnerabilities > Incorrect Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-03-15 | CVE-2021-20281 | Incorrect Authorization vulnerability in multiple products | It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | network | low | moodle, fedoraproject | CWE-863 | 5.3 |
| 2021-03-13 | CVE-2021-28373 | Incorrect Authorization vulnerability in Tt-Rss Tiny RSS 17.4/20200916 | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. | network | low | tt-rss | CWE-863 | 7.5 |
| 2021-03-13 | CVE-2020-35682 | Incorrect Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus | Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). | network | low | zohocorp | CWE-863 | 8.8 |
| 2021-03-10 | CVE-2021-0382 | Incorrect Authorization vulnerability in Google Android 11.0 | In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. | local | low | google | CWE-863 | 5.5 |
| 2021-03-10 | CVE-2021-0376 | Incorrect Authorization vulnerability in Google Android 11.0 | In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. | local | low | google | CWE-863 | 7.8 |
| 2021-03-09 | CVE-2021-21186 | Incorrect Authorization vulnerability in multiple products | Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. | network | low | google, fedoraproject, debian | CWE-863 | 4.3 |
| 2021-03-09 | CVE-2021-21182 | Incorrect Authorization vulnerability in multiple products | Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | network | low | google, fedoraproject, debian | CWE-863 | 6.5 |
| 2021-03-09 | CVE-2021-21484 | Incorrect Authorization vulnerability in SAP Hana 2.0 | LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind. | network | low | sap | CWE-863 | critical 9.8 |
| 2021-03-09 | CVE-2021-21481 | Incorrect Authorization vulnerability in SAP Netweaver | The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. | | low | sap | CWE-863 | 8.8 |
| 2021-03-08 | CVE-2021-22134 | Incorrect Authorization vulnerability in multiple products | A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. | network | low | elastic, oracle | CWE-863 | 4.3 |