Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-17 | CVE-2021-32163 | Incorrect Authorization vulnerability in Linuxfoundation Modular Open Smart Network Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. | 9.8 |
| 2023-02-16 | CVE-2023-23947 | Incorrect Authorization vulnerability in Argoproj Argo CD Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 8.5 |
| 2023-02-16 | CVE-2023-24485 | Incorrect Authorization vulnerability in Citrix Workspace 1912/2105/2203.1 Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | 7.8 |
| 2023-02-16 | CVE-2023-25173 | Incorrect Authorization vulnerability in Linuxfoundation Containerd containerd is an open source container runtime. | 7.8 |
| 2023-02-14 | CVE-2023-21715 | Incorrect Authorization vulnerability in Microsoft 365 Apps Microsoft Publisher Security Features Bypass Vulnerability | 7.3 |
| 2023-02-14 | CVE-2023-0814 | Incorrect Authorization vulnerability in Cozmoslabs Profile Builder The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. | 6.5 |
| 2023-02-11 | CVE-2023-25559 | Incorrect Authorization vulnerability in Datahub Project Datahub DataHub is an open-source metadata platform. | 8.1 |
| 2023-02-09 | CVE-2023-21422 | Incorrect Authorization vulnerability in Samsung Android 11.0/12.0 Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. | 5.5 |
| 2023-02-09 | CVE-2023-21423 | Incorrect Authorization vulnerability in Samsung Android 12.0/13.0 Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | 5.5 |
| 2023-02-09 | CVE-2023-21424 | Incorrect Authorization vulnerability in Samsung Android 11.0/12.0 Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | 3.3 |