Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-02-11 | CVE-2022-23998 | Incorrect Authorization vulnerability in Samsung Camera | Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. | local | low complexity | samsung | CWE-863 | 5.5 |
| 2022-02-11 | CVE-2020-13676 | Incorrect Authorization vulnerability in Drupal | The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. | network | low complexity | drupal | CWE-863 | 6.5 |
| 2022-02-09 | CVE-2021-39943 | Incorrect Authorization vulnerability in Gitlab | An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call. | network | low complexity | gitlab | CWE-863 | 4.3 |
| 2022-02-09 | CVE-2022-23615 | Incorrect Authorization vulnerability in Xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | network | low complexity | xwiki | CWE-863 | 5.4 |
| 2022-02-08 | CVE-2022-23627 | Incorrect Authorization vulnerability in Archisteamfarm Project Archisteamfarm | ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. | network | low complexity | archisteamfarm-project | CWE-863 | 6.8 |
| 2022-02-04 | CVE-2021-29394 | Incorrect Authorization vulnerability in Globalnorthstar Northstar Club Management 6.3 | Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request. | network | low complexity | globalnorthstar | CWE-863 | 6.5 |
| 2022-02-03 | CVE-2022-24307 | Incorrect Authorization vulnerability in Joinmastodon Mastodon | Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. | network | low complexity | joinmastodon | CWE-863 | critical 9.8 |
| 2022-01-26 | CVE-2021-46561 | Incorrect Authorization vulnerability in Mitre CVE Services 1.1.1 | controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization. | network | low complexity | mitre | CWE-863 | 7.2 |
| 2022-01-25 | CVE-2021-4133 | Incorrect Authorization vulnerability in Redhat Keycloak | A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. | network | low complexity | redhat | CWE-863 | 8.8 |
| 2022-01-25 | CVE-2022-0333 | Incorrect Authorization vulnerability in Moodle | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. | network | low complexity | moodle | CWE-863 | 3.8 |