Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-18 | CVE-2022-25335 | Incorrect Authorization vulnerability in Rigoblock Drago RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. | 7.5 |
| 2022-02-18 | CVE-2022-0451 | Incorrect Authorization vulnerability in Dart Software Development KIT Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. | 6.5 |
| 2022-02-18 | CVE-2022-25318 | Incorrect Authorization vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 4.3 |
| 2022-02-17 | CVE-2022-0633 | Incorrect Authorization vulnerability in Updraftplus The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup. | 6.5 |
| 2022-02-17 | CVE-2022-25270 | Incorrect Authorization vulnerability in Drupal The Quick Edit module does not properly check entity access in some circumstances. | 6.5 |
| 2022-02-16 | CVE-2021-22042 | Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. | 7.8 |
| 2022-02-12 | CVE-2022-0309 | Incorrect Authorization vulnerability in Google Chrome Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |
| 2022-02-12 | CVE-2022-0117 | Incorrect Authorization vulnerability in multiple products Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2022-02-11 | CVE-2022-23998 | Incorrect Authorization vulnerability in Samsung Camera Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. | 5.5 |
| 2022-02-11 | CVE-2020-13676 | Incorrect Authorization vulnerability in Drupal The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. | 6.5 |