Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2020-26560 Incorrect Authorization vulnerability in Bluetooth Mesh Profile 1.0.0/1.0.1
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.
low complexity
bluetooth CWE-863
8.1
2021-05-19 CVE-2021-31158 Incorrect Authorization vulnerability in Couchbase Server
In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.
network
low complexity
couchbase CWE-863
6.5
2021-05-14 CVE-2021-20429 Incorrect Authorization vulnerability in IBM QRadar User Behavior Analytics 1.0.0/4.1.0
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an overly permissive cross-domain policy.
network
low complexity
ibm CWE-863
5.3
2021-05-14 CVE-2021-24278 Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.
network
low complexity
querysol CWE-863
7.5
2021-05-14 CVE-2021-24279 Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low-level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository.
network
low complexity
querysol CWE-863
6.5
2021-05-14 CVE-2021-24281 Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site.
network
low complexity
querysol CWE-863
4.3
2021-05-14 CVE-2021-24282 Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things.
network
low complexity
querysol CWE-863
6.3
2021-05-13 CVE-2021-31876 Incorrect Authorization vulnerability in Bitcoin
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes.
network
low complexity
bitcoin CWE-863
6.5
2021-05-12 CVE-2021-3457 Incorrect Authorization vulnerability in Theforeman Smart Proxy Shell Hooks 0.9.0/0.9.1
An improper authorization handling flaw was found in Foreman.
local
low complexity
theforeman CWE-863
6.1
2021-05-12 CVE-2020-36289 Incorrect Authorization vulnerability in Atlassian products
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint.
network
low complexity
atlassian CWE-863
5.3