Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2023-12-26 | CVE-2023-49949 | Incorrect Authorization vulnerability in Passwork 4.6.13/5.0.9 | Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. | network | low | passwork | CWE-863 | 8.1 |
| 2023-12-22 | CVE-2023-51649 | Incorrect Authorization vulnerability in Networktocode Nautobot | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. | network | low | networktocode | CWE-863 | 4.3 |
| 2023-12-22 | CVE-2022-39337 | Incorrect Authorization vulnerability in Dromara Hertzbeat | Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, Prometheus-like and agentless. | network | low | dromara | CWE-863 | 7.5 |
| 2023-12-21 | CVE-2023-51379 | Incorrect Authorization vulnerability in Github Enterprise Server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. | network | low | github | CWE-863 | 4.9 |
| 2023-12-21 | CVE-2023-51380 | Incorrect Authorization vulnerability in Github Enterprise Server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | network | low | github | CWE-863 | 4.3 |
| 2023-12-21 | CVE-2023-50732 | Incorrect Authorization vulnerability in Xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | network | low | xwiki | CWE-863 | 6.3 |
| 2023-12-20 | CVE-2023-50705 | Incorrect Authorization vulnerability in Efacec UC 500E Firmware 10.1.0 | An attacker could create malicious requests to obtain sensitive information about the web server. | network | low | efacec | CWE-863 | 5.3 |
| 2023-12-19 | CVE-2023-49734 | Incorrect Authorization vulnerability in Apache Superset | An authenticated Gamma user has the ability to create a dashboard and add charts to it; this user would automatically become one of the owners of the charts, incorrectly gaining write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue. | network | low | apache | CWE-863 | 6.5 |
| 2023-12-18 | CVE-2023-6355 | Incorrect Authorization vulnerability in Gallagher Controller 7000 Firmware | Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. | | low | gallagher | CWE-863 | 6.8 |
| 2023-12-18 | CVE-2023-41314 | Incorrect Authorization vulnerability in Apache Doris | The APIs /api/snapshot and /api/get_log_file would allow unauthenticated access. This could allow a DoS attack or retrieval of arbitrary files from the FE node. Please upgrade to 2.0.3 to fix these issues. | network | low | apache | CWE-863 | 8.2 |