Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-27 | CVE-2022-23822 | Incorrect Authorization vulnerability in Xilinx Zynq-7000 Firmware and Zynq-7000S Firmware In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. | 6.8 |
| 2022-04-26 | CVE-2022-1466 | Incorrect Authorization vulnerability in Redhat Keycloak Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. | 6.5 |
| 2022-04-21 | CVE-2020-14121 | Incorrect Authorization vulnerability in MI APP Store 4.12.2 A business logic vulnerability exists in Mi App Store. | 5.5 |
| 2022-04-20 | CVE-2022-24865 | Incorrect Authorization vulnerability in Humhub HumHub is an Open Source Enterprise Social Network. | 6.5 |
| 2022-04-19 | CVE-2022-27055 | Incorrect Authorization vulnerability in Ecjia Daojia 1.38.120210202629 ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. | 7.5 |
| 2022-04-18 | CVE-2022-24841 | Incorrect Authorization vulnerability in Fleetdm Fleet fleetdm/fleet is an open source device management, built on osquery. | 8.1 |
| 2022-04-15 | CVE-2022-1365 | Incorrect Authorization vulnerability in Cross-Fetch Project Cross-Fetch Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. | 6.5 |
| 2022-04-14 | CVE-2021-28505 | Incorrect Authorization vulnerability in Arista EOS On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. | 7.5 |
| 2022-04-12 | CVE-2022-29047 | Incorrect Authorization vulnerability in Jenkins Pipeline: Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. | 5.3 |
| 2022-04-12 | CVE-2021-0694 | Incorrect Authorization vulnerability in Google Android 11.0 In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. | 7.8 |