Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-25406 | Incorrect Authorization vulnerability in Samsung Gear S Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. | 6.5 |
| 2021-06-11 | CVE-2021-25410 | Incorrect Authorization vulnerability in Google Android 11.0 Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. | 7.1 |
| 2021-06-11 | CVE-2021-25418 | Incorrect Authorization vulnerability in Samsung Internet 13.2.1.46/13.2.1.70/14.0.1.20 Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | 7.8 |
| 2021-06-10 | CVE-2021-21664 | Incorrect Authorization vulnerability in Jenkins Xebialabs XL Deploy An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 6.5 |
| 2021-06-07 | CVE-2021-30533 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. | 6.5 |
| 2021-06-07 | CVE-2021-30534 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |
| 2021-06-07 | CVE-2021-30537 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. | 4.3 |
| 2021-06-07 | CVE-2021-30538 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 4.3 |
| 2021-06-07 | CVE-2021-30539 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 5.4 |
| 2021-06-06 | CVE-2021-33881 | Incorrect Authorization vulnerability in NXP products On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. | 4.2 |