Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-08-18 CVE-2021-37409 Incorrect Authorization vulnerability in Intel products
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-863
7.8
2022-08-16 CVE-2020-14321 Incorrect Authorization vulnerability in Moodle
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
network
low complexity
moodle CWE-863
8.8
2022-08-15 CVE-2022-2354 Incorrect Authorization vulnerability in Wp-Dbmanager Project Wp-Dbmanager
The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should.
network
low complexity
wp-dbmanager-project CWE-863
7.2
2022-08-08 CVE-2022-35487 Incorrect Authorization vulnerability in Zammad 5.2.0
Zammad 5.2.0 suffers from Incorrect Access Control.
network
low complexity
zammad CWE-863
7.5
2022-08-05 CVE-2022-2095 Incorrect Authorization vulnerability in Gitlab
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission.
network
low complexity
gitlab CWE-863
4.3
2022-08-05 CVE-2022-2326 Incorrect Authorization vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1.
network
low complexity
gitlab CWE-863
8.1
2022-08-05 CVE-2022-2501 Incorrect Authorization vulnerability in Gitlab
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts.
network
low complexity
gitlab CWE-863
7.5
2022-08-03 CVE-2022-27551 Incorrect Authorization vulnerability in Hcltechsw HCL Launch
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.
network
low complexity
hcltechsw CWE-863
6.5
2022-08-02 CVE-2022-35924 Incorrect Authorization vulnerability in Nextauth.Js Next-Auth
NextAuth.js is a complete open source authentication solution for Next.js applications.
network
low complexity
nextauth-js CWE-863
critical
9.1
2022-08-01 CVE-2022-35921 Incorrect Authorization vulnerability in Friendsofflarum Byobu 0.30.0
fof/byobu is a private discussions extension for Flarum forum.
network
low complexity
friendsofflarum CWE-863
4.3