Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-14 | CVE-2021-35112 | Incorrect Authorization vulnerability in Qualcomm products A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
| 2022-06-13 | CVE-2022-33174 | Incorrect Authorization vulnerability in Powertekpdus products Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. | 5.0 |
| 2022-06-13 | CVE-2022-30308 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. | 9.8 |
| 2022-06-13 | CVE-2022-30309 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. | 9.8 |
| 2022-06-13 | CVE-2022-30310 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. | 9.8 |
| 2022-06-13 | CVE-2022-30311 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. | 9.8 |
| 2022-06-06 | CVE-2022-1935 | Incorrect Authorization vulnerability in Gitlab Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured | 4.0 |
| 2022-06-06 | CVE-2022-1936 | Incorrect Authorization vulnerability in Gitlab Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured | 4.0 |
| 2022-06-06 | CVE-2022-1944 | Incorrect Authorization vulnerability in Gitlab When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs | 4.9 |
| 2022-05-30 | CVE-2022-1589 | Incorrect Authorization vulnerability in Change Wp-Admin Login Project Change Wp-Admin Login The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. | 7.5 |