Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-21 | CVE-2020-14121 | Incorrect Authorization vulnerability in MI APP Store 4.12.2 A business logic vulnerability exists in Mi App Store. | 5.5 |
| 2022-04-20 | CVE-2022-24865 | Incorrect Authorization vulnerability in Humhub HumHub is an Open Source Enterprise Social Network. | 6.5 |
| 2022-04-19 | CVE-2022-27055 | Incorrect Authorization vulnerability in Ecjia Daojia 1.38.120210202629 ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. | 7.5 |
| 2022-04-18 | CVE-2022-24841 | Incorrect Authorization vulnerability in Fleetdm Fleet fleetdm/fleet is an open source device management, built on osquery. | 8.1 |
| 2022-04-15 | CVE-2022-1365 | Incorrect Authorization vulnerability in Cross-Fetch Project Cross-Fetch Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. | 6.5 |
| 2022-04-14 | CVE-2021-28505 | Incorrect Authorization vulnerability in Arista EOS On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. | 7.5 |
| 2022-04-12 | CVE-2022-29047 | Incorrect Authorization vulnerability in Jenkins Pipeline: Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. | 5.3 |
| 2022-04-12 | CVE-2021-0694 | Incorrect Authorization vulnerability in Google Android 11.0 In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. | 7.8 |
| 2022-04-12 | CVE-2021-39799 | Incorrect Authorization vulnerability in Google Android 12.0/12.1 In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. | 7.8 |
| 2022-04-12 | CVE-2021-39802 | Incorrect Authorization vulnerability in Google Android In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. | 7.8 |