Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-08 | CVE-2021-21362 | Incorrect Authorization vulnerability in Minio MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. | 6.5 |
| 2021-03-05 | CVE-2020-29020 | Incorrect Authorization vulnerability in Secomea Sitemanager Firmware Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. | 7.2 |
| 2021-03-05 | CVE-2021-27099 | Incorrect Authorization vulnerability in Cncf Spire In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. | 6.8 |
| 2021-03-05 | CVE-2021-26964 | Incorrect Authorization vulnerability in Arubanetworks Airwave A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. | 7.1 |
| 2021-03-05 | CVE-2021-21725 | Incorrect Authorization vulnerability in ZTE Zxhn H196Q Firmware 9.1.0C2 A ZTE product has an information leak vulnerability. | 5.7 |
| 2021-03-04 | CVE-2021-26027 | Incorrect Authorization vulnerability in Joomla Joomla! An issue was discovered in Joomla! 3.0.0 through 3.9.24. | 5.3 |
| 2021-03-01 | CVE-2021-27225 | Incorrect Authorization vulnerability in Dataiku Data Science Studio In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access. | 5.4 |
| 2021-02-23 | CVE-2021-22113 | Incorrect Authorization vulnerability in VMWare Spring Cloud Netflix Zuul 2.2.4/2.2.5/2.2.6 Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. | 5.3 |
| 2021-02-19 | CVE-2021-27509 | Incorrect Authorization vulnerability in Visualware Myconnection Server In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. | 7.5 |
| 2021-02-19 | CVE-2020-12668 | Incorrect Authorization vulnerability in Hubspot Jinjava Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. | 6.5 |