Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-08 | CVE-2023-30995 | Incorrect Authorization vulnerability in IBM Aspera Faspex IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. | 7.5 |
| 2023-09-08 | CVE-2023-37367 | Incorrect Authorization vulnerability in Samsung products An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. | 5.3 |
| 2023-09-06 | CVE-2023-20269 | Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. | 9.1 |
| 2023-09-06 | CVE-2023-38486 | Incorrect Authorization vulnerability in Arubanetworks Arubaos A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. | 6.4 |
| 2023-09-06 | CVE-2023-27526 | Incorrect Authorization vulnerability in Apache Superset A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. | 4.3 |
| 2023-09-06 | CVE-2023-36387 | Incorrect Authorization vulnerability in Apache Superset An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. | 5.4 |
| 2023-09-05 | CVE-2017-9453 | Incorrect Authorization vulnerability in BMC Server Automation 8.6/8.7 BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | 9.8 |
| 2023-09-04 | CVE-2023-3814 | Incorrect Authorization vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. | 4.9 |
| 2023-09-04 | CVE-2023-4269 | Incorrect Authorization vulnerability in Solwininfotech User Activity LOG The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses. | 4.3 |
| 2023-08-28 | CVE-2023-34724 | Incorrect Authorization vulnerability in Jaycar La5570 Firmware 1.0.19T53 An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface. | 6.8 |