Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-12 | CVE-2021-0694 | Incorrect Authorization vulnerability in Google Android 11.0 In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. | 7.2 |
| 2022-04-12 | CVE-2021-39799 | Incorrect Authorization vulnerability in Google Android 12.0/12.1 In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. | 7.2 |
| 2022-04-12 | CVE-2021-39802 | Incorrect Authorization vulnerability in Google Android In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. | 7.2 |
| 2022-04-11 | CVE-2022-1193 | Incorrect Authorization vulnerability in Gitlab Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances | 4.3 |
| 2022-04-11 | CVE-2022-27575 | Incorrect Authorization vulnerability in Google Android 10.0/11.0/12.0 Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. | 3.3 |
| 2022-04-11 | CVE-2022-27836 | Incorrect Authorization vulnerability in Google Android 12.0 Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. | 7.2 |
| 2022-04-11 | CVE-2022-28542 | Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4 Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. | 2.1 |
| 2022-04-11 | CVE-2022-0920 | Incorrect Authorization vulnerability in Salonbookingsystem Salon Booking System The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data | 5.0 |
| 2022-04-07 | CVE-2022-26676 | Incorrect Authorization vulnerability in Aenrich A+Hrd 6.8 aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | 7.5 |
| 2022-04-04 | CVE-2021-32986 | Incorrect Authorization vulnerability in Automationdirect products After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. | 9.8 |