Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-24471 Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian
An access control vulnerability was found: the restrictions applied to actual assertions are not enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would not normally be accessible in the Query and Assertions functions.
network
low complexity
nozominetworks CWE-863
6.5
2023-08-07 CVE-2023-32783 Incorrect Authorization vulnerability in Zohocorp Manageengine Adaudit Plus 7.1.1
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.
network
low complexity
zohocorp CWE-863
7.5
2023-08-03 CVE-2023-28468 Incorrect Authorization vulnerability in Insyde Kernel
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5.
local
low complexity
insyde CWE-863
6.5
2023-08-03 CVE-2023-38958 Incorrect Authorization vulnerability in Zkteco Bioaccess IVS 3.3.1
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.
network
low complexity
zkteco CWE-863
5.3
2023-07-31 CVE-2023-36089 Incorrect Authorization vulnerability in Dlink Dir-645 Firmware 1.03
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin.
network
low complexity
dlink CWE-863
critical
9.8
2023-07-31 CVE-2023-36090 Incorrect Authorization vulnerability in Dlink Dir-885L Firmware 1.02
Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi.
network
low complexity
dlink CWE-863
critical
9.8
2023-07-31 CVE-2023-36091 Incorrect Authorization vulnerability in Dlink Dir-895L Firmware 1.02
Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin.
network
low complexity
dlink CWE-863
critical
9.8
2023-07-31 CVE-2023-36092 Incorrect Authorization vulnerability in Dlink Dir-859 Firmware 1.05B03
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via phpcgi_main.
network
low complexity
dlink CWE-863
critical
9.8
2023-07-27 CVE-2023-38488 Incorrect Authorization vulnerability in Getkirby Kirby
Kirby is a content management system.
network
low complexity
getkirby CWE-863
8.8
2023-07-26 CVE-2023-39154 Incorrect Authorization vulnerability in Jenkins Qualys web APP Scanning Connector
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-863
6.5