Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-13 | CVE-2021-1144 | Incorrect Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. | 8.8 |
| 2021-01-13 | CVE-2021-21609 | Incorrect Authorization vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. | 5.3 |
| 2021-01-11 | CVE-2021-0319 | Incorrect Authorization vulnerability in Google Android In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. | 4.4 |
| 2021-01-11 | CVE-2021-0317 | Incorrect Authorization vulnerability in Google Android In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. | 4.4 |
| 2021-01-11 | CVE-2018-8724 | Incorrect Authorization vulnerability in K7Computing products K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. | 4.6 |
| 2021-01-11 | CVE-2018-8044 | Incorrect Authorization vulnerability in K7Computing products K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. | 4.6 |
| 2021-01-08 | CVE-2021-1054 | Incorrect Authorization vulnerability in Nvidia GPU Driver NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service. | 2.1 |
| 2021-01-06 | CVE-2020-36176 | Incorrect Authorization vulnerability in Ithemes Security The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. | 5.0 |
| 2021-01-06 | CVE-2020-36175 | Incorrect Authorization vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. | 5.0 |
| 2021-01-06 | CVE-2020-36173 | Incorrect Authorization vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | 5.0 |