Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-02-20 CVE-2024-1156 Incorrect Authorization vulnerability in Emerson products
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
local
low complexity
emerson CWE-863
7.8
2024-02-20 CVE-2024-25604 Incorrect Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions do not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.
network
low complexity
liferay CWE-863
6.5
2024-02-20 CVE-2024-25149 Incorrect Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions do not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not members of the parent site to a child site.
network
low complexity
liferay CWE-863
5.4
2024-02-16 CVE-2024-21987 Incorrect Authorization vulnerability in Netapp Snapcenter 4.8/4.9
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings.
network
low complexity
netapp CWE-863
5.4
2024-02-16 CVE-2024-0017 Incorrect Authorization vulnerability in Google Android
In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass.
local
low complexity
google CWE-863
5.5
2024-02-14 CVE-2024-1482 Incorrect Authorization vulnerability in Github Enterprise Server
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN.
network
low complexity
github CWE-863
6.5
2024-02-14 CVE-2024-24966 Incorrect Authorization vulnerability in F5 F5Os-A and F5Os-C
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-863
5.5
2024-02-13 CVE-2023-6152 Incorrect Authorization vulnerability in Grafana
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" validates email only on sign up.
network
low complexity
grafana CWE-863
5.4
2024-02-13 CVE-2024-24751 Incorrect Authorization vulnerability in Derhansen Event Management and Registration 7.0.0
sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid.
network
low complexity
derhansen CWE-863
8.8
2024-02-12 CVE-2024-23833 Incorrect Authorization vulnerability in Openrefine
OpenRefine is a free, open source power tool for working with messy data and improving it.
network
low complexity
openrefine CWE-863
7.5