Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-31 | CVE-2022-36051 | Incorrect Authorization vulnerability in Zitadel ZITADEL combines the ease of Auth0 and the versatility of Keycloak. **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature where users with the role `ORG_OWNER` are able to create JavaScript code, which is invoked by the system at certain points during the login. | 8.8 |
2022-08-26 | CVE-2021-3563 | Incorrect Authorization vulnerability in multiple products A flaw was found in openstack-keystone. | 7.4 |
2022-08-23 | CVE-2021-3763 | Incorrect Authorization vulnerability in Redhat AMQ Broker 7.8.0/7.8.1/7.8.2 A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not allow access to the management console. | 4.3 |
2022-08-19 | CVE-2022-36009 | Incorrect Authorization vulnerability in Matrix Dendrite and Gomatrixserverlib gomatrixserverlib is a Go library for matrix protocol federation. | 8.8 |
2022-08-18 | CVE-2021-37409 | Incorrect Authorization vulnerability in Intel products Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-17 | CVE-2022-1401 | Incorrect Authorization vulnerability in Device42 Cmdb Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. | 7.5 |
2022-08-16 | CVE-2020-14321 | Incorrect Authorization vulnerability in Moodle In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | 8.8 |
2022-08-15 | CVE-2022-2354 | Incorrect Authorization vulnerability in Wp-Dbmanager Project Wp-Dbmanager The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. | 7.2 |
2022-08-08 | CVE-2022-35487 | Incorrect Authorization vulnerability in Zammad 5.2.0 Zammad 5.2.0 suffers from Incorrect Access Control. | 7.5 |
2022-08-05 | CVE-2022-2095 | Incorrect Authorization vulnerability in Gitlab An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. | 4.3 |