Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2022-1746 | Incorrect Authorization vulnerability in Dominionvoting Imagecast X 5.5.10.30/5.5.10.32 The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. | 7.6 |
| 2022-06-23 | CVE-2022-22967 | Incorrect Authorization vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. | 8.8 |
| 2022-06-23 | CVE-2022-34180 | Incorrect Authorization vulnerability in Jenkins Embeddable Build Status Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | 7.5 |
| 2022-06-20 | CVE-2017-20066 | Incorrect Authorization vulnerability in Adminer Login Project Adminer Login 1.4.4 A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. | 7.8 |
| 2022-06-20 | CVE-2022-26668 | Incorrect Authorization vulnerability in Asus Control Center 1.4.2.5 ASUS Control Center API has a broken access control vulnerability. | 6.5 |
| 2022-06-14 | CVE-2021-35112 | Incorrect Authorization vulnerability in Qualcomm products A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
| 2022-06-13 | CVE-2022-33174 | Incorrect Authorization vulnerability in Powertekpdus products Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. | 7.5 |
| 2022-06-06 | CVE-2022-1935 | Incorrect Authorization vulnerability in Gitlab Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured | 6.5 |
| 2022-06-06 | CVE-2022-1936 | Incorrect Authorization vulnerability in Gitlab Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured | 6.5 |
| 2022-06-06 | CVE-2022-1944 | Incorrect Authorization vulnerability in Gitlab When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs | 7.1 |