Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-20 | CVE-2024-25604 | Incorrect Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal. Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel. | 6.5 |
2024-02-20 | CVE-2024-25149 | Incorrect Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal. Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. | 5.4 |
2024-02-16 | CVE-2024-21987 | Incorrect Authorization vulnerability in Netapp Snapcenter 4.8/4.9. SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings. | 5.4 |
2024-02-16 | CVE-2024-0017 | Incorrect Authorization vulnerability in Google Android. In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. | 5.5 |
2024-02-13 | CVE-2023-6152 | Incorrect Authorization vulnerability in Grafana. A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email on sign up. | 5.4 |
2024-02-13 | CVE-2024-24751 | Incorrect Authorization vulnerability in Derhansen Event Management and Registration 7.0.0. sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. | 8.8 |
2024-02-12 | CVE-2024-23833 | Incorrect Authorization vulnerability in Openrefine. OpenRefine is a free, open source power tool for working with messy data and improving it. | 7.5 |
2024-02-12 | CVE-2024-25108 | Incorrect Authorization vulnerability in Pixelfed. Pixelfed is an open source photo sharing platform. | 8.8 |
2024-02-12 | CVE-2023-6036 | Incorrect Authorization vulnerability in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating. The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. | 9.8 |
2024-02-09 | CVE-2024-24774 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription, resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | 4.1 |