Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-21 | CVE-2023-51379 | Incorrect Authorization vulnerability in GitHub Enterprise Server: An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. | 4.9 |
2023-12-21 | CVE-2023-51380 | Incorrect Authorization vulnerability in GitHub Enterprise Server: An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 4.3 |
2023-12-21 | CVE-2023-50732 | Incorrect Authorization vulnerability in XWiki: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.3 |
2023-12-20 | CVE-2023-50705 | Incorrect Authorization vulnerability in Efacec UC 500E Firmware 10.1.0: An attacker could create malicious requests to obtain sensitive information about the web server. | 5.3 |
2023-12-18 | CVE-2023-6355 | Incorrect Authorization vulnerability in Gallagher Controller 7000 Firmware: Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. | 6.8 |
2023-12-12 | CVE-2020-10676 | Incorrect Authorization vulnerability in SUSE Rancher: In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project. | 8.8 |
2023-12-12 | CVE-2023-6542 | Incorrect Authorization vulnerability in SAP Emarsys SDK 3.6.2: Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. | 7.1 |
2023-12-12 | CVE-2023-36646 | Incorrect Authorization vulnerability in ProLion CryptoSpike 3.0.15: Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation. | 8.8 |
2023-12-10 | CVE-2023-50457 | Incorrect Authorization vulnerability in Zammad 6.1.0/6.2.0: An issue was discovered in Zammad before 6.2.0. | 4.3 |
2023-12-06 | CVE-2023-48859 | Incorrect Authorization vulnerability in TOTOLINK A3002RU Firmware 2.0.0B20190902.1958: TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code. | 8.8 |