Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-31 | CVE-2023-36091 | Incorrect Authorization vulnerability in Dlink Dir-895L Firmware 1.02: Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. | 9.8 |
2023-07-31 | CVE-2023-36092 | Incorrect Authorization vulnerability in Dlink Dir-859 Firmware 1.05B03: Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via phpcgi_main. | 9.8 |
2023-07-27 | CVE-2023-38488 | Incorrect Authorization vulnerability in Getkirby Kirby: Kirby is a content management system. | 8.8 |
2023-07-27 | CVE-2023-3957 | Incorrect Authorization vulnerability in Navz ACF Photo Gallery Field: The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. | 4.3 |
2023-07-26 | CVE-2023-39154 | Incorrect Authorization vulnerability in Jenkins Qualys web APP Scanning Connector: Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2023-07-26 | CVE-2023-2640 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04: On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. | 7.8 |
2023-07-26 | CVE-2023-32629 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04: Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels. | 7.8 |
2023-07-25 | CVE-2023-38503 | Incorrect Authorization vulnerability in Monospace Directus: Directus is a real-time API and App dashboard for managing SQL database content. | 6.5 |
2023-07-25 | CVE-2023-36826 | Incorrect Authorization vulnerability in Sentry: Sentry is an error tracking and performance monitoring platform. | 6.5 |
2023-07-24 | CVE-2023-38058 | Incorrect Authorization vulnerability in Otrs: An improper privilege check in the OTRS ticket move action in the agent interface allows any attacker authenticated as an agent to perform a move of a ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35. | 4.3 |