Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-12 | CVE-2023-40829 | Incorrect Authorization vulnerability in Tencent Enterprise Wechat Privatization 2.5.0/2.6.930000 There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000. | 7.5 |
| 2023-10-11 | CVE-2023-35653 | Incorrect Authorization vulnerability in Google Android In TBD of TBD, there is a possible way to access location information due to a permissions bypass. | 4.4 |
| 2023-10-10 | CVE-2023-36556 | Incorrect Authorization vulnerability in Fortinet Fortimail An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests. | 8.8 |
| 2023-10-06 | CVE-2023-44860 | Incorrect Authorization vulnerability in Netis-Systems N3M Firmware 1.0.1.865 An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. | 7.5 |
| 2023-10-05 | CVE-2022-3248 | Incorrect Authorization vulnerability in Redhat products A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. | 7.5 |
| 2023-10-04 | CVE-2023-1832 | Incorrect Authorization vulnerability in multiple products An improper access control flaw was found in Candlepin. | 8.1 |
| 2023-10-04 | CVE-2023-4997 | Incorrect Authorization vulnerability in Prointegra Uptimedc Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. | 8.8 |
| 2023-09-29 | CVE-2023-5159 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. | 2.7 |
| 2023-09-29 | CVE-2023-5193 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation. | 2.7 |
| 2023-09-29 | CVE-2023-5194 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager | 4.3 |