Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2023-02-07 | CVE-2023-23696 | Incorrect Authorization vulnerability in Dell Command \| Intel Vpro OUT of Band | Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. | local, low complexity, dell, CWE-863 | 7.8 |
| 2023-02-03 | CVE-2023-24029 | Incorrect Authorization vulnerability in Progress WS FTP Server | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | network, low complexity, progress, CWE-863 | 7.2 |
| 2023-02-01 | CVE-2023-23751 | Incorrect Authorization vulnerability in Joomla Joomla! | An issue was discovered in Joomla! 4.0.0 through 4.2.4. | network, low complexity, joomla, CWE-863 | 4.3 |
| 2023-02-01 | CVE-2022-47002 | Incorrect Authorization vulnerability in Masacms | A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. | network, low complexity, masacms, CWE-863 | critical 9.8 |
| 2023-02-01 | CVE-2023-23924 | Incorrect Authorization vulnerability in Dompdf Project Dompdf 2.0.1 | Dompdf is an HTML to PDF converter. | network, low complexity, dompdf-project, CWE-863 | critical 9.8 |
| 2023-01-31 | CVE-2022-45172 | Incorrect Authorization vulnerability in Liveboxcloud Vdesk | An issue was discovered in LIVEBOX Collaboration vDesk before v018. | network, low complexity, liveboxcloud, CWE-863 | critical 9.8 |
| 2023-01-31 | CVE-2022-45435 | Incorrect Authorization vulnerability in Sailpoint Identityiq | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration. | network, low complexity, sailpoint, CWE-863 | 6.5 |
| 2023-01-20 | CVE-2023-20018 | Incorrect Authorization vulnerability in Cisco products | A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | network, low complexity, cisco, CWE-863 | 6.5 |
| 2023-01-17 | CVE-2022-23739 | Incorrect Authorization vulnerability in Github Enterprise Server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. | network, low complexity, github, CWE-863 | critical 9.8 |
| 2023-01-14 | CVE-2023-22480 | Incorrect Authorization vulnerability in Fit2Cloud Kubeoperator | KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. | network, low complexity, fit2cloud, CWE-863 | critical 9.8 |