Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-22 | CVE-2021-28146 | Incorrect Authorization vulnerability in Grafana The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. | 4.0 |
2021-03-18 | CVE-2021-21624 | Incorrect Authorization vulnerability in Jenkins Role-Based Authorization Strategy An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 4.3 |
2021-03-18 | CVE-2021-21623 | Incorrect Authorization vulnerability in Jenkins Matrix Authorization Strategy An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 6.5 |
2021-03-18 | CVE-2021-28681 | Incorrect Authorization vulnerability in Webrtc Project Webrtc Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. | 5.0 |
2021-03-18 | CVE-2021-20676 | Incorrect Authorization vulnerability in M-System products M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to bypass access restriction and conduct prohibited operations via unspecified vectors. | 4.0 |
2021-03-16 | CVE-2020-24264 | Incorrect Authorization vulnerability in Portainer Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. | 10.0 |
2021-03-15 | CVE-2021-20282 | Incorrect Authorization vulnerability in multiple products When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 5.3 |
2021-03-15 | CVE-2021-20281 | Incorrect Authorization vulnerability in multiple products It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 5.3 |
2021-03-15 | CVE-2020-25240 | Incorrect Authorization vulnerability in Siemens Sinema Remote Connect Server 1.1/2.0 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). | 6.5 |
2021-03-15 | CVE-2020-25239 | Incorrect Authorization vulnerability in Siemens Sinema Remote Connect Server 1.1/2.0 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). | 6.5 |