Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-12 | CVE-2024-42473 | Incorrect Authorization vulnerability in Openfga 1.5.7/1.5.8: OpenFGA is an authorization/permission engine. | 9.8 |
2024-08-07 | CVE-2024-7265 | Incorrect Authorization vulnerability in Nask EZD RP 15/16/17: Incorrect User Management vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows a logged-in user to change the password of any user, including the root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. | 8.8 |
2024-08-07 | CVE-2024-7266 | Incorrect Authorization vulnerability in Nask EZD RP 15/16/17: Incorrect User Management vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows a logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. | 4.3 |
2024-08-07 | CVE-2024-42062 | Incorrect Authorization vulnerability in Apache Cloudstack: CloudStack account-users by default use username and password based authentication for API and UI access. | 7.2 |
2024-08-06 | CVE-2024-6358 | Incorrect Authorization vulnerability in Opentext Arcsight Intelligence: Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. | 8.8 |
2024-08-06 | CVE-2024-6202 | Incorrect Authorization vulnerability in Haloservicesolutions Haloitsm: HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. | 9.8 |
2024-07-26 | CVE-2024-7062 | Incorrect Authorization vulnerability in Mikekazakov Nimble Commander: Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. | 7.8 |
2024-07-16 | CVE-2024-5816 | Incorrect Authorization vulnerability in Github Enterprise Server: An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. | 5.3 |
2024-07-16 | CVE-2024-5817 | Incorrect Authorization vulnerability in Github Enterprise Server: An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. | 6.5 |
2024-07-05 | CVE-2024-39696 | Incorrect Authorization vulnerability in Evmos: Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. | 8.1 |