Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-02 | CVE-2023-1603 | Incorrect Authorization vulnerability in Devolutions Server Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. | 6.5 |
| 2023-03-31 | CVE-2023-23594 | Incorrect Authorization vulnerability in Sato-Global Cl4Nx Plus Firmware An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes. | 9.8 |
| 2023-03-31 | CVE-2023-26829 | Incorrect Authorization vulnerability in Gladinet Centrestack An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass. | 9.8 |
| 2023-03-27 | CVE-2023-1136 | Incorrect Authorization vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. | 7.5 |
| 2023-03-27 | CVE-2023-1144 | Incorrect Authorization vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation. | 8.8 |
| 2023-03-24 | CVE-2023-21034 | Incorrect Authorization vulnerability in Google Android 13.0 In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. | 7.8 |
| 2023-03-24 | CVE-2023-21035 | Incorrect Authorization vulnerability in Google Android 13.0 In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. | 7.8 |
| 2023-03-23 | CVE-2023-28611 | Incorrect Authorization vulnerability in Omicronenergy Stationguard and Stationscout Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. | 9.8 |
| 2023-03-23 | CVE-2023-23192 | Incorrect Authorization vulnerability in Isdecisions Userlock 11.0.1 IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task. | 7.2 |
| 2023-03-22 | CVE-2023-25594 | Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. | 8.8 |