Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-09 | CVE-2023-24471 | Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions. | 6.5 |
| 2023-08-07 | CVE-2023-32783 | Incorrect Authorization vulnerability in Zohocorp Manageengine Adaudit Plus 7.1.1 The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. | 7.5 |
| 2023-08-03 | CVE-2023-28468 | Incorrect Authorization vulnerability in Insyde Kernel An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. | 6.5 |
| 2023-08-03 | CVE-2023-38958 | Incorrect Authorization vulnerability in Zkteco Bioaccess IVS 3.3.1 An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. | 5.3 |
| 2023-07-31 | CVE-2023-36089 | Incorrect Authorization vulnerability in Dlink Dir-645 Firmware 1.03 Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. | 9.8 |
| 2023-07-31 | CVE-2023-36090 | Incorrect Authorization vulnerability in Dlink Dir-885L Firmware 1.02 Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. | 9.8 |
| 2023-07-31 | CVE-2023-36091 | Incorrect Authorization vulnerability in Dlink Dir-895L Firmware 1.02 Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. | 9.8 |
| 2023-07-31 | CVE-2023-36092 | Incorrect Authorization vulnerability in Dlink Dir-859 Firmware 1.05B03 Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. | 9.8 |
| 2023-07-27 | CVE-2023-38488 | Incorrect Authorization vulnerability in Getkirby Kirby Kirby is a content management system. | 8.8 |
| 2023-07-26 | CVE-2023-39154 | Incorrect Authorization vulnerability in Jenkins Qualys web APP Scanning Connector Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |