Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-44039 | Incorrect Authorization vulnerability in Franklinfueling Colibri Firmware 1.9.22.8925 Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. | 9.8 |
| 2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | 9.8 |
| 2022-12-05 | CVE-2022-43515 | Incorrect Authorization vulnerability in Zabbix Frontend Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. | 9.8 |
| 2022-12-01 | CVE-2022-41970 | Incorrect Authorization vulnerability in Nextcloud Server Nextcloud Server is an open source personal cloud server. | 5.3 |
| 2022-11-28 | CVE-2022-24189 | Incorrect Authorization vulnerability in Sz-Fujia Ourphoto 1.4.1 The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. | 6.5 |
| 2022-11-28 | CVE-2022-41944 | Incorrect Authorization vulnerability in Discourse Discourse is an open-source discussion platform. | 4.3 |
| 2022-11-23 | CVE-2022-41923 | Incorrect Authorization vulnerability in Grails Spring Security Core Grails Spring Security Core plugin is vulnerable to privilege escalation. | 9.8 |
| 2022-11-17 | CVE-2022-36785 | Incorrect Authorization vulnerability in Dlink G Integrated Access Device4 Firmware 1.0 D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. | 7.5 |
| 2022-11-15 | CVE-2022-20928 | Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. | 5.8 |
| 2022-11-15 | CVE-2022-45383 | Incorrect Authorization vulnerability in Jenkins Support Core An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission. | 6.5 |