Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-06 | CVE-2024-27915 | Incorrect Authorization vulnerability in Sulu. Sulu is a PHP content management system. | 8.1 |
2024-03-06 | CVE-2024-24761 | Incorrect Authorization vulnerability in Galette 1.0.0/1.0.1. Galette is a membership management web application for non-profit organizations. | 7.5 |
2024-03-06 | CVE-2024-28174 | Incorrect Authorization vulnerability in JetBrains TeamCity. In JetBrains TeamCity before 2023.11.4, presigned URL generation requests in the S3 Artifact Storage plugin were authorized improperly. | 5.8 |
2024-02-28 | CVE-2024-24773 | Incorrect Authorization vulnerability in Apache Superset. Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue. | 6.5 |
2024-02-21 | CVE-2023-42860 | Incorrect Authorization vulnerability in Apple macOS. A permissions issue was addressed with additional restrictions. | 5.5 |
2024-02-20 | CVE-2024-25604 | Incorrect Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal. Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel. | 6.5 |
2024-02-20 | CVE-2024-25149 | Incorrect Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal. Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. | 5.4 |
2024-02-16 | CVE-2024-21987 | Incorrect Authorization vulnerability in NetApp SnapCenter 4.8/4.9. SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings. | 5.4 |
2024-02-16 | CVE-2024-0017 | Incorrect Authorization vulnerability in Google Android. In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. | 5.5 |
2024-02-14 | CVE-2024-1482 | Incorrect Authorization vulnerability in GitHub Enterprise Server. An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. | 6.5 |