Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-13 | CVE-2021-20866 | Missing Authorization vulnerability in Advancedcustomfields Advanced Custom Fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors. | 4.0 |
| 2021-12-13 | CVE-2021-20867 | Missing Authorization vulnerability in Advancedcustomfields Advanced Custom Fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors. | 4.0 |
| 2021-12-10 | CVE-2021-4089 | Missing Authorization vulnerability in Snipeitapp Snipe-It snipe-it is vulnerable to Improper Access Control | 4.0 |
| 2021-12-08 | CVE-2021-25519 | Missing Authorization vulnerability in Google Android 10.0/11.0/9.0 An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | 3.3 |
| 2021-12-03 | CVE-2021-35413 | Missing Authorization vulnerability in Chamilo LMS A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. | 6.0 |
| 2021-11-24 | CVE-2021-36917 | Missing Authorization vulnerability in Wpwave Hide MY WP 6.2.3 WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. | 7.5 |
| 2021-11-24 | CVE-2021-20835 | Missing Authorization vulnerability in Mercari 3.51.0/3.52.0 Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained. | 5.0 |
| 2021-11-19 | CVE-2021-39231 | Missing Authorization vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. | 9.1 |
| 2021-11-19 | CVE-2021-39232 | Missing Authorization vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. | 8.8 |
| 2021-11-19 | CVE-2021-39236 | Missing Authorization vulnerability in Apache Ozone In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. | 8.8 |