Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-29 | CVE-2022-29271 | Incorrect Authorization vulnerability in Nagios XI In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. | 6.5 |
| 2022-06-29 | CVE-2022-32532 | Incorrect Authorization vulnerability in Apache Shiro Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. | 7.5 |
| 2022-06-27 | CVE-2022-31087 | Incorrect Authorization vulnerability in multiple products LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. | 7.8 |
| 2022-06-27 | CVE-2022-31039 | Incorrect Authorization vulnerability in Bigbluebutton Greenlight Greenlight is a simple front-end interface for your BigBlueButton server. | 5.0 |
| 2022-06-24 | CVE-2022-1746 | Incorrect Authorization vulnerability in Dominionvoting Imagecast X 5.5.10.30/5.5.10.32 The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. | 7.6 |
| 2022-06-23 | CVE-2022-22967 | Incorrect Authorization vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. | 8.8 |
| 2022-06-23 | CVE-2022-34180 | Incorrect Authorization vulnerability in Jenkins Embeddable Build Status Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | 7.5 |
| 2022-06-20 | CVE-2017-20066 | Incorrect Authorization vulnerability in Adminer Login Project Adminer Login 1.4.4 A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. | 4.6 |
| 2022-06-20 | CVE-2022-26668 | Incorrect Authorization vulnerability in Asus Control Center 1.4.2.5 ASUS Control Center API has a broken access control vulnerability. | 6.4 |
| 2022-06-14 | CVE-2022-27668 | Incorrect Authorization vulnerability in SAP products Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | 9.8 |