Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-29 | CVE-2023-5195 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of | 5.4 |
| 2023-09-29 | CVE-2023-3920 | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. | 4.3 |
| 2023-09-27 | CVE-2023-41078 | Incorrect Authorization vulnerability in Apple Macos An authorization issue was addressed with improved state management. | 5.5 |
| 2023-09-20 | CVE-2023-4853 | Incorrect Authorization vulnerability in multiple products A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. | 8.1 |
| 2023-09-19 | CVE-2022-47553 | Incorrect Authorization vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server. | 7.5 |
| 2023-09-14 | CVE-2023-4814 | Incorrect Authorization vulnerability in Trellix Data Loss Prevention 11.10.100.17 A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. | 7.1 |
| 2023-09-13 | CVE-2023-20190 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. | 5.3 |
| 2023-09-13 | CVE-2023-20191 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. | 7.5 |
| 2023-09-12 | CVE-2023-40611 | Incorrect Authorization vulnerability in Apache Airflow Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. | 4.3 |
| 2023-09-12 | CVE-2023-37881 | Incorrect Authorization vulnerability in Wftpserver Wing FTP Server Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7.2.0. | 8.8 |