Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-26 | CVE-2023-49949 | Incorrect Authorization vulnerability in Passwork 4.6.13/5.0.9 Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. | 8.1 |
2023-12-22 | CVE-2023-51649 | Incorrect Authorization vulnerability in Networktocode Nautobot Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. | 4.3 |
2023-12-22 | CVE-2022-39337 | Incorrect Authorization vulnerability in Dromara Hertzbeat Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. | 7.5 |
2023-12-21 | CVE-2023-51379 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. | 4.9 |
2023-12-21 | CVE-2023-51380 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 4.3 |
2023-12-21 | CVE-2023-50732 | Incorrect Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.3 |
2023-12-20 | CVE-2023-50705 | Incorrect Authorization vulnerability in Efacec UC 500E Firmware 10.1.0 An attacker could create malicious requests to obtain sensitive information about the web server. | 5.3 |
2023-12-19 | CVE-2023-49734 | Incorrect Authorization vulnerability in Apache Superset An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue. | 6.5 |
2023-12-18 | CVE-2023-6355 | Incorrect Authorization vulnerability in Gallagher Controller 7000 Firmware Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. | 6.8 |
2023-12-18 | CVE-2023-41314 | Incorrect Authorization vulnerability in Apache Doris The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues. | 8.2 |