Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor(s) | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-03-18 | CVE-2021-20676 | Incorrect Authorization vulnerability in M-System products | M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to bypass access restriction and conduct prohibited operations via unspecified vectors. | network | low | m-system | CWE-863 | 4.3 |
| 2021-03-16 | CVE-2020-24264 | Incorrect Authorization vulnerability in Portainer | Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. | network | low | portainer | CWE-863 | critical 9.8 |
| 2021-03-15 | CVE-2021-20281 | Incorrect Authorization vulnerability in multiple products | It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | network | low | moodle, fedoraproject | CWE-863 | 5.3 |
| 2021-03-13 | CVE-2021-28373 | Incorrect Authorization vulnerability in Tt-Rss Tiny RSS 17.4/20200916 | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. | network | low | tt-rss | CWE-863 | 7.5 |
| 2021-03-13 | CVE-2020-35682 | Incorrect Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus | Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). | network | low | zohocorp | CWE-863 | 8.8 |
| 2021-03-10 | CVE-2021-0382 | Incorrect Authorization vulnerability in Google Android 11.0 | In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. | local | low | google | CWE-863 | 5.5 |
| 2021-03-10 | CVE-2021-0376 | Incorrect Authorization vulnerability in Google Android 11.0 | In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. | local | low | google | CWE-863 | 7.8 |
| 2021-03-09 | CVE-2021-21186 | Incorrect Authorization vulnerability in multiple products | Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. | network | low | google, fedoraproject, debian | CWE-863 | 4.3 |
| 2021-03-09 | CVE-2021-21182 | Incorrect Authorization vulnerability in multiple products | Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | network | low | google, fedoraproject, debian | CWE-863 | 6.5 |
| 2021-03-09 | CVE-2021-21484 | Incorrect Authorization vulnerability in SAP Hana 2.0 | LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind. | network | low | sap | CWE-863 | critical 9.8 |