Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-26 | CVE-2021-45466 | Incorrect Authorization vulnerability in Control-Webpanel Webpanel In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder. | 9.8 |
| 2022-12-25 | CVE-2022-45891 | Incorrect Authorization vulnerability in Planetestream Planet Estream Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList). | 9.1 |
| 2022-12-22 | CVE-2022-22754 | Incorrect Authorization vulnerability in Mozilla Firefox If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. | 6.5 |
| 2022-12-22 | CVE-2022-38475 | Incorrect Authorization vulnerability in Mozilla Firefox An attacker could have written a value to the first element in a zero-length JavaScript array. | 6.5 |
| 2022-12-20 | CVE-2022-43872 | Incorrect Authorization vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. | 5.3 |
| 2022-12-20 | CVE-2022-46076 | Incorrect Authorization vulnerability in Dlink Dir-869 Firmware and Dir-869Ax Firmware D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. | 7.5 |
| 2022-12-17 | CVE-2022-23488 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 7.5 |
| 2022-12-16 | CVE-2022-23490 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 4.3 |
| 2022-12-14 | CVE-2022-23741 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. | 7.2 |
| 2022-12-12 | CVE-2022-3879 | Incorrect Authorization vulnerability in CAR Dealer Project CAR Dealer The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |