Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2021-26026 | Incorrect Authorization vulnerability in Acdsee Photo Studio 2021 14.0 PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image. | 7.8 |
| 2021-01-26 | CVE-2021-26025 | Incorrect Authorization vulnerability in Acdsee Photo Studio 2021 14.0 PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image. | 7.8 |
| 2021-01-26 | CVE-2020-9492 | Incorrect Authorization vulnerability in multiple products In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. | 8.8 |
| 2021-01-20 | CVE-2021-1305 | Incorrect Authorization vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. | 4.3 |
| 2021-01-20 | CVE-2021-1270 | Incorrect Authorization vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 6.5 |
| 2021-01-20 | CVE-2021-1269 | Incorrect Authorization vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 6.3 |
| 2021-01-19 | CVE-2020-4873 | Incorrect Authorization vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. | 5.3 |
| 2021-01-13 | CVE-2021-1144 | Incorrect Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. | 8.8 |
| 2021-01-13 | CVE-2021-21609 | Incorrect Authorization vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. | 5.3 |
| 2021-01-11 | CVE-2021-0319 | Incorrect Authorization vulnerability in Google Android In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. | 7.3 |