Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-29 | CVE-2022-0984 | Incorrect Authorization vulnerability in multiple products Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | 4.3 |
| 2022-04-29 | CVE-2022-0985 | Incorrect Authorization vulnerability in Moodle Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | 4.3 |
| 2022-04-27 | CVE-2022-23822 | Incorrect Authorization vulnerability in Xilinx Zynq-7000 Firmware and Zynq-7000S Firmware In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. | 6.8 |
| 2022-04-26 | CVE-2022-1466 | Incorrect Authorization vulnerability in Redhat Keycloak Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. | 6.5 |
| 2022-04-21 | CVE-2020-14121 | Incorrect Authorization vulnerability in MI APP Store 4.12.2 A business logic vulnerability exists in Mi App Store. | 5.5 |
| 2022-04-20 | CVE-2022-24865 | Incorrect Authorization vulnerability in Humhub HumHub is an Open Source Enterprise Social Network. | 6.5 |
| 2022-04-19 | CVE-2022-27055 | Incorrect Authorization vulnerability in Ecjia Daojia 1.38.120210202629 ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. | 7.5 |
| 2022-04-18 | CVE-2022-24841 | Incorrect Authorization vulnerability in Fleetdm Fleet fleetdm/fleet is an open source device management, built on osquery. | 8.1 |
| 2022-04-15 | CVE-2022-1365 | Incorrect Authorization vulnerability in Cross-Fetch Project Cross-Fetch Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. | 6.5 |
| 2022-04-14 | CVE-2021-28505 | Incorrect Authorization vulnerability in Arista EOS On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. | 7.5 |