Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-1365 | Incorrect Authorization vulnerability in Cross-Fetch Project Cross-Fetch Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. | 6.5 |
| 2022-04-14 | CVE-2021-28505 | Incorrect Authorization vulnerability in Arista EOS On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. | 5.0 |
| 2022-04-12 | CVE-2022-29047 | Incorrect Authorization vulnerability in Jenkins Pipeline: Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. | 5.3 |
| 2022-04-12 | CVE-2021-0694 | Incorrect Authorization vulnerability in Google Android 11.0 In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. | 7.2 |
| 2022-04-12 | CVE-2021-39799 | Incorrect Authorization vulnerability in Google Android 12.0/12.1 In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. | 7.2 |
| 2022-04-12 | CVE-2021-39802 | Incorrect Authorization vulnerability in Google Android In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. | 7.2 |
| 2022-04-11 | CVE-2022-1193 | Incorrect Authorization vulnerability in Gitlab Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances | 4.3 |
| 2022-04-11 | CVE-2022-27575 | Incorrect Authorization vulnerability in Google Android 10.0/11.0/12.0 Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. | 3.3 |
| 2022-04-11 | CVE-2022-27836 | Incorrect Authorization vulnerability in Google Android 12.0 Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. | 7.2 |
| 2022-04-11 | CVE-2022-28542 | Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4 Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. | 2.1 |