Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-09 | CVE-2024-42000 | Incorrect Authorization vulnerability in Mattermost Server Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "Read Groups" permission but with no access for channels to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels. | 4.3 |
2024-11-06 | CVE-2024-20537 | Incorrect Authorization vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. | 6.5 |
2024-11-06 | CVE-2024-9902 | A flaw was found in Ansible. | 6.3 |
2024-11-04 | CVE-2024-45164 | Incorrect Authorization vulnerability in Akamai Secure Internet Access Enterprise Threatavert 19.2.0.2 Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. | 7.1 |
2024-11-01 | CVE-2024-49256 | Incorrect Authorization vulnerability in Wpchill Htaccess File Editor Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Htaccess File Editor: from n/a through 1.0.18. | 8.8 |
2024-10-29 | CVE-2024-48921 | Incorrect Authorization vulnerability in Nirmata Kyverno Kyverno is a policy engine designed for Kubernetes. | 2.7 |
2024-10-25 | CVE-2022-30356 | Incorrect Authorization vulnerability in Ovaledge OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters. | 4.7 |
2024-10-25 | CVE-2022-30358 | Incorrect Authorization vulnerability in Ovaledge OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. | 8.8 |
2024-10-25 | CVE-2024-49376 | Incorrect Authorization vulnerability in Autolabproject Autolab 3.0.0 Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. | 8.8 |
2024-10-25 | CVE-2024-44099 | Incorrect Authorization vulnerability in Google Android There is a possible Local bypass of user interaction due to an insecure default value. | 5.5 |