Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-19 | CVE-2022-24400 | Authorization Bypass Through User-Controlled Key vulnerability in Midnightblue Tetra:Burst A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. | 5.9 |
| 2023-10-19 | CVE-2022-24401 | Authorization Bypass Through User-Controlled Key vulnerability in Midnightblue Tetra:Burst Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. | 8.1 |
| 2023-10-16 | CVE-2023-43668 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Inlong Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... . Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604 | 9.8 |
| 2023-10-13 | CVE-2023-45393 | Authorization Bypass Through User-Controlled Key vulnerability in Grandingteco Utime Master 9.0.7 An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. | 6.5 |
| 2023-10-11 | CVE-2023-45396 | Authorization Bypass Through User-Controlled Key vulnerability in Elenos Etg150 Firmware 3.12 An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12. | 6.5 |
| 2023-10-10 | CVE-2023-44249 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | 6.5 |
| 2023-10-09 | CVE-2023-42455 | Authorization Bypass Through User-Controlled Key vulnerability in Wazuh Wazuh-Dashboard and Wazuh-Kibana-App Wazuh is a security detection, visibility, and compliance open source project. | 8.8 |
| 2023-10-05 | CVE-2023-26237 | Authorization Bypass Through User-Controlled Key vulnerability in Watchguard products An issue was discovered in WatchGuard EPDR 8.0.21.0002. | 6.7 |
| 2023-10-03 | CVE-2023-2544 | Authorization Bypass Through User-Controlled Key vulnerability in UPV Peix Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". | 6.5 |
| 2023-10-03 | CVE-2023-32669 | Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss 2.2.9 Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. | 5.4 |