Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-34650 Incorrect Authorization vulnerability in Samsung Android 14.0
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.
local
low complexity
samsung CWE-863
3.3
2024-09-04 CVE-2024-34651 Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.
local
low complexity
samsung CWE-863
5.5
2024-09-04 CVE-2024-34652 Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.
local
low complexity
samsung CWE-863
3.3
2024-09-03 CVE-2024-45588 Incorrect Authorization vulnerability in Symphonyfintech XTS Mobile Trader and XTS web Trader
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application.
network
low complexity
symphonyfintech CWE-863
8.1
2024-09-01 CVE-2024-45509 Incorrect Authorization vulnerability in Misp
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
network
low complexity
misp CWE-863
6.5
2024-08-30 CVE-2024-38868 Incorrect Authorization vulnerability in Zohocorp Manageengine Endpoint Central
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15
network
low complexity
zohocorp CWE-863
8.3
2024-08-29 CVE-2024-41964 Incorrect Authorization vulnerability in Getkirby Kirby
Kirby is a CMS targeting designers and editors.
network
low complexity
getkirby CWE-863
8.1
2024-08-29 CVE-2024-43954 Incorrect Authorization vulnerability in Themeum Droip
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.
network
low complexity
themeum CWE-863
6.3
2024-08-25 CVE-2024-8011 Incorrect Authorization vulnerability in Logitech Options+
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
local
low complexity
logitech CWE-863
5.5
2024-08-22 CVE-2024-3127 Incorrect Authorization vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1.
network
low complexity
gitlab CWE-863
4.3