Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-13 | CVE-2021-28373 | Incorrect Authorization vulnerability in Tt-Rss Tiny RSS 17.4/20200916 The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. | 5.0 |
2021-03-13 | CVE-2020-35682 | Incorrect Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus 8.2/9.0 Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). | 6.5 |
2021-03-12 | CVE-2021-21367 | Incorrect Authorization vulnerability in multiple products Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. | 8.1 |
2021-03-10 | CVE-2021-0382 | Incorrect Authorization vulnerability in Google Android 11.0 In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. | 2.1 |
2021-03-10 | CVE-2021-0376 | Incorrect Authorization vulnerability in Google Android 11.0 In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. | 4.6 |
2021-03-10 | CVE-2021-20670 | Incorrect Authorization vulnerability in Weseek Growi Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via unspecified vectors. | 5.0 |
2021-03-09 | CVE-2021-21186 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. | 4.3 |
2021-03-09 | CVE-2021-21182 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | 6.5 |
2021-03-09 | CVE-2021-21484 | Incorrect Authorization vulnerability in SAP Hana 2.0 LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind. | 6.8 |
2021-03-09 | CVE-2021-21481 | Incorrect Authorization vulnerability in SAP Netweaver The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. | 8.3 |