Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-11 | CVE-2022-28542 | Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4. Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers with Galaxy Store permission. | 5.5 |
2022-04-07 | CVE-2022-26676 | Incorrect Authorization vulnerability in Aenrich A+Hrd 6.8. aEnrich a+HRD has inadequate privilege restrictions; an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | 9.8 |
2022-04-04 | CVE-2021-32986 | Incorrect Authorization vulnerability in Automationdirect products. After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not time out. | 9.8 |
2022-04-04 | CVE-2022-0740 | Incorrect Authorization vulnerability in Gitlab. Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. | 4.3 |
2022-04-04 | CVE-2022-27608 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint. Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. | 6.0 |
2022-04-04 | CVE-2022-27609 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint. Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. | 6.0 |
2022-04-04 | CVE-2022-1224 | Incorrect Authorization vulnerability in PHPipam. Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | 6.5 |
2022-04-03 | CVE-2022-0406 | Incorrect Authorization vulnerability in Janeczku Calibre-Web. Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. | 4.3 |
2022-04-01 | CVE-2021-28504 | Incorrect Authorization vulnerability in Arista EOS. On Arista Strata family products which have the “TCAM profile” feature enabled, when a Port IPv4 access-list has a rule which matches on “vxlan” as protocol, that rule and subsequent rules (rules declared after it in the ACL) do not match on the IP protocol field as expected. | 7.5 |
2022-04-01 | CVE-2021-32960 | Incorrect Authorization vulnerability in Rockwellautomation Factorytalk Services Platform. Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. | 8.8 |