Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2023-42541 | Incorrect Authorization vulnerability in Samsung Push Service Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | 5.3 |
| 2023-11-06 | CVE-2023-5352 | Incorrect Authorization vulnerability in Getawesomesupport Awesome Support The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. | 4.3 |
| 2023-11-01 | CVE-2023-20048 | Incorrect Authorization vulnerability in Cisco Firepower Management Center A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. | 9.9 |
| 2023-10-31 | CVE-2023-22518 | Incorrect Authorization vulnerability in Atlassian Confluence Data Center All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. | 9.8 |
| 2023-10-31 | CVE-2023-45899 | Incorrect Authorization vulnerability in Idnovate Superuser 2.3.5 An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. | 7.5 |
| 2023-10-31 | CVE-2023-46139 | Incorrect Authorization vulnerability in Kernelsu KernelSU is a Kernel based root solution for Android. | 5.7 |
| 2023-10-30 | CVE-2023-21390 | Incorrect Authorization vulnerability in Google Android In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. | 7.8 |
| 2023-10-30 | CVE-2023-21311 | Incorrect Authorization vulnerability in Google Android In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. | 5.5 |
| 2023-10-30 | CVE-2023-47090 | Incorrect Authorization vulnerability in Linuxfoundation Nats-Server NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. | 6.5 |
| 2023-10-26 | CVE-2023-46754 | Incorrect Authorization vulnerability in Obl.Ong Admin 1.0.0/1.1.0/1.1.1 The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values. | 5.3 |