Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-26 | CVE-2022-25274 | Incorrect Authorization vulnerability in Drupal Drupal 9.3 implemented a generic entity access API for entity revisions. | 5.4 |
| 2023-04-25 | CVE-2023-24512 | Incorrect Authorization vulnerability in Arista products On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. | 6.5 |
| 2023-04-24 | CVE-2023-2257 | Incorrect Authorization vulnerability in Devolutions Workspace 2023.1.1.3 Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature. This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space. | 7.8 |
| 2023-04-24 | CVE-2023-26097 | Incorrect Authorization vulnerability in Telindus Apsal 3.14.2022.235B An issue was discovered in Telindus Apsal 3.14.2022.235 b. | 5.5 |
| 2023-04-24 | CVE-2023-30544 | Incorrect Authorization vulnerability in Kiwitcms Kiwi Tcms Kiwi TCMS is an open source test management system. | 4.3 |
| 2023-04-19 | CVE-2023-20950 | Incorrect Authorization vulnerability in Google Android 11.0/12.0/12.1 In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. | 7.8 |
| 2023-04-18 | CVE-2023-2020 | Incorrect Authorization vulnerability in Checkmk 2.1.0/2.2.0 Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. | 4.3 |
| 2023-04-15 | CVE-2020-17354 | Incorrect Authorization vulnerability in Lilypond LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. | 8.6 |
| 2023-04-12 | CVE-2023-22620 | Incorrect Authorization vulnerability in Securepoint Unified Threat Management An issue was discovered in SecurePoint UTM before 12.2.5.1. | 7.5 |
| 2023-04-11 | CVE-2023-25415 | Incorrect Authorization vulnerability in Aten Pe8108 Firmware 2.4.232 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. | 5.3 |