Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-04 | CVE-2023-52944 | Incorrect Authorization vulnerability in Synology Surveillance Station: Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors. | 4.3 |
2024-11-26 | CVE-2024-11680 | Incorrect Authorization vulnerability in Projectsend: ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. | 9.8 |
2024-11-19 | CVE-2023-21270 | Incorrect Authorization vulnerability in Google Android 12.0/12.1/13.0: In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. | 7.8 |
2024-11-18 | CVE-2024-21287 | Incorrect Authorization vulnerability in Oracle Agile Product Lifecycle Management 9.3.6: Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). | 7.5 |
2024-11-18 | CVE-2024-48897 | Incorrect Authorization vulnerability in Moodle: A vulnerability was found in Moodle. | 4.3 |
2024-11-18 | CVE-2024-48901 | Incorrect Authorization vulnerability in Moodle: A vulnerability was found in Moodle. | 4.3 |
2024-11-15 | CVE-2024-52518 | Incorrect Authorization vulnerability in Nextcloud Server: Nextcloud Server is a self-hosted personal cloud system. | 5.4 |
2024-11-14 | CVE-2024-3379 | Incorrect Authorization vulnerability in Lunary: In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. | 8.1 |
2024-11-14 | CVE-2022-31667 | Incorrect Authorization vulnerability in Linuxfoundation Harbor: Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. | 6.4 |
2024-11-14 | CVE-2022-31668 | Incorrect Authorization vulnerability in Linuxfoundation Harbor: Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects. | 7.7 |