Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-01 | CVE-2021-28504 | Incorrect Authorization vulnerability in Arista EOS On Arista Strata family products which have the “TCAM profile” feature enabled, when a Port IPv4 access-list has a rule which matches on “vxlan” as protocol, that rule and subsequent rules (rules declared after it in the ACL) do not match on the IP protocol field as expected. | 7.5 |
2022-04-01 | CVE-2021-32960 | Incorrect Authorization vulnerability in Rockwellautomation Factorytalk Services Platform Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. | 8.8 |
2022-03-31 | CVE-2021-37517 | Incorrect Authorization vulnerability in Dolibarr Erp/Crm 13.0.2 An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service. | 7.5 |
2022-03-30 | CVE-2021-39789 | Incorrect Authorization vulnerability in Google Android 12.1 In Telecom, there is a possible leak of TTY mode change due to a missing permission check. | 7.8 |
2022-03-30 | CVE-2021-39790 | Incorrect Authorization vulnerability in Google Android 12.1 In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. | 7.8 |
2022-03-30 | CVE-2021-3456 | Incorrect Authorization vulnerability in Theforeman Smart Proxy Salt An improper authorization handling flaw was found in Foreman. | 7.1 |
2022-03-30 | CVE-2022-1177 | Incorrect Authorization vulnerability in Open-Emr Openemr Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. | 4.3 |
2022-03-30 | CVE-2020-24771 | Incorrect Authorization vulnerability in Nexusphp 1.5 Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. | 7.5 |
2022-03-28 | CVE-2021-39876 | Incorrect Authorization vulnerability in Gitlab In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. | 4.3 |
2022-03-28 | CVE-2022-0720 | Incorrect Authorization vulnerability in Tms-Outsource Amelia The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update others' bookings, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked them. | 5.4 |