Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-13 | CVE-2021-21013 | Incorrect Authorization vulnerability in Adobe Magento Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. | 8.1 |
| 2021-01-13 | CVE-2021-1144 | Incorrect Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. | 8.8 |
| 2021-01-13 | CVE-2021-21609 | Incorrect Authorization vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. | 5.3 |
| 2021-01-11 | CVE-2021-0319 | Incorrect Authorization vulnerability in Google Android In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. | 7.3 |
| 2021-01-11 | CVE-2021-0317 | Incorrect Authorization vulnerability in Google Android In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. | 7.8 |
| 2021-01-11 | CVE-2018-8724 | Incorrect Authorization vulnerability in K7Computing products K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. | 7.8 |
| 2021-01-11 | CVE-2018-8044 | Incorrect Authorization vulnerability in K7Computing products K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. | 7.8 |
| 2021-01-08 | CVE-2021-1054 | Incorrect Authorization vulnerability in Nvidia GPU Driver NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service. | 5.5 |
| 2021-01-01 | CVE-2020-35948 | Incorrect Authorization vulnerability in Xcloner An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. | 8.8 |
| 2021-01-01 | CVE-2016-20005 | Incorrect Authorization vulnerability in Rest/Json Project Rest/Json The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. | 9.8 |