Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-34642 Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
low complexity
samsung CWE-863
4.6
2024-09-04 CVE-2024-34650 Incorrect Authorization vulnerability in Samsung Android 14.0
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.
local
low complexity
samsung CWE-863
3.3
2024-09-04 CVE-2024-34651 Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.
local
low complexity
samsung CWE-863
5.5
2024-09-04 CVE-2024-34652 Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.
local
low complexity
samsung CWE-863
3.3
2024-09-03 CVE-2024-45588 Incorrect Authorization vulnerability in Symphonyfintech XTS Mobile Trader and XTS web Trader
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application.
network
low complexity
symphonyfintech CWE-863
8.1
2024-09-01 CVE-2024-45509 Incorrect Authorization vulnerability in Misp
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
network
low complexity
misp CWE-863
6.5
2024-08-30 CVE-2024-38868 Incorrect Authorization vulnerability in Zohocorp Manageengine Endpoint Central
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15
network
low complexity
zohocorp CWE-863
8.3
2024-08-29 CVE-2024-41964 Incorrect Authorization vulnerability in Getkirby Kirby
Kirby is a CMS targeting designers and editors.
network
low complexity
getkirby CWE-863
8.1
2024-08-29 CVE-2024-43954 Incorrect Authorization vulnerability in Themeum Droip
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.
network
low complexity
themeum CWE-863
6.3
2024-08-25 CVE-2024-8011 Incorrect Authorization vulnerability in Logitech Options+
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
local
low complexity
logitech CWE-863
5.5