Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-12 | CVE-2021-39799 | Incorrect Authorization vulnerability in Google Android 12.0/12.1. In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. | 7.8 |
2022-04-12 | CVE-2021-39802 | Incorrect Authorization vulnerability in Google Android. In change_pte_range of mprotect.c, there is a possible way to make a shared mmap writable due to a permissions bypass. | 7.8 |
2022-04-11 | CVE-2022-1193 | Incorrect Authorization vulnerability in Gitlab. Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances. | 4.3 |
2022-04-11 | CVE-2022-27575 | Incorrect Authorization vulnerability in Google Android 10.0/11.0/12.0. Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. | 3.3 |
2022-04-11 | CVE-2022-27836 | Incorrect Authorization vulnerability in Google Android 12.0. Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allows local attackers to access arbitrary system files without proper permission. | 7.8 |
2022-04-11 | CVE-2022-28542 | Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4. Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers with Galaxy Store permission. | 5.5 |
2022-04-07 | CVE-2022-26676 | Incorrect Authorization vulnerability in Aenrich A+Hrd 6.8. aEnrich a+HRD has inadequate privilege restrictions; an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | 9.8 |
2022-04-04 | CVE-2021-32986 | Incorrect Authorization vulnerability in Automationdirect products. After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not time out. | 9.8 |
2022-04-04 | CVE-2022-0740 | Incorrect Authorization vulnerability in Gitlab. Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, and all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. | 4.3 |
2022-04-04 | CVE-2022-27608 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint. Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. | 6.0 |