Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2023-05-10 CVE-2022-41610 Incorrect Authorization vulnerability in Intel products
Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access.
local
low complexity
intel CWE-863
5.5
2023-05-10 CVE-2022-43465 Incorrect Authorization vulnerability in Intel Setup and Configuration Software
Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access.
local
low complexity
intel CWE-863
5.5
2023-05-10 CVE-2022-45128 Incorrect Authorization vulnerability in Intel Endpoint Management Assistant
Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access.
local
low complexity
intel CWE-863
5.5
2023-05-09 CVE-2023-32060 Incorrect Authorization vulnerability in Dhis2 Dhis 2
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture.
network
low complexity
dhis2 CWE-863
6.5
2023-05-08 CVE-2023-1979 Incorrect Authorization vulnerability in Google web Stories
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password.
network
low complexity
google CWE-863
6.5
2023-05-08 CVE-2023-2534 Incorrect Authorization vulnerability in Otrs
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage.
network
low complexity
otrs CWE-863
8.1
2023-05-02 CVE-2023-31435 Incorrect Authorization vulnerability in Evasys 8.2/9.0
Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly.
network
low complexity
evasys CWE-863
8.1
2023-04-28 CVE-2023-30467 Incorrect Authorization vulnerability in Milesight products
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface.
network
low complexity
milesight CWE-863
critical
9.8
2023-04-26 CVE-2023-27107 Incorrect Authorization vulnerability in Myq-Solution Central Server and Print Server
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.
network
low complexity
myq-solution CWE-863
8.8
2023-04-26 CVE-2023-31250 Incorrect Authorization vulnerability in Drupal
The file download facility doesn't sufficiently sanitize file paths in certain situations.
network
low complexity
drupal CWE-863
6.5