Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-04-04 CVE-2022-27609 Incorrect Authorization vulnerability in Forcepoint ONE Endpoint
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges.
local
low complexity
forcepoint CWE-863
6.0
2022-04-04 CVE-2022-1224 Incorrect Authorization vulnerability in PHPipam
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
network
low complexity
phpipam CWE-863
6.5
2022-04-03 CVE-2022-0406 Incorrect Authorization vulnerability in Janeczku Calibre-Web
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
network
low complexity
janeczku CWE-863
4.3
2022-04-01 CVE-2021-28504 Incorrect Authorization vulnerability in Arista EOS
On Arista Strata family products which have the “TCAM profile” feature enabled, when a Port IPv4 access-list has a rule which matches on “vxlan” as protocol, that rule and subsequent rules (rules declared after it in the ACL) do not match on the IP protocol field as expected.
network
low complexity
arista CWE-863
7.5
2022-04-01 CVE-2021-32960 Incorrect Authorization vulnerability in Rockwellautomation Factorytalk Services Platform
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name.
network
low complexity
rockwellautomation CWE-863
8.8
2022-03-31 CVE-2021-37517 Incorrect Authorization vulnerability in Dolibarr Erp/Crm 13.0.2
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0, in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service.
network
low complexity
dolibarr CWE-863
7.5
2022-03-30 CVE-2021-39789 Incorrect Authorization vulnerability in Google Android 12.1
In Telecom, there is a possible leak of TTY mode change due to a missing permission check.
local
low complexity
google CWE-863
7.8
2022-03-30 CVE-2021-39790 Incorrect Authorization vulnerability in Google Android 12.1
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check.
local
low complexity
google CWE-863
7.8
2022-03-30 CVE-2021-3456 Incorrect Authorization vulnerability in Theforeman Smart Proxy Salt
An improper authorization handling flaw was found in Foreman.
local
low complexity
theforeman CWE-863
7.1
2022-03-30 CVE-2022-1177 Incorrect Authorization vulnerability in Open-Emr Openemr
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
network
low complexity
open-emr CWE-863
4.3