Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVEs (3,038)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-29295 1Adobe 2Commerce Magento Nov 21, 2024 Jun 15, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged att...Show more Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.Show less
CVE-2023-29288 1Adobe 2Commerce Magento Nov 21, 2024 Jun 15, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacke...Show more Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.Show less
CVE-2023-22248 1Adobe 2Commerce Magento Nov 21, 2024 Jun 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could le...Show more Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.Show less
CVE-2023-28175 1Bosch 9Divar Ip 3000 Firmware Divar Ip 4000 FirmwareDivar Ip 5000 Firmware+6 more Nov 21, 2024 Jun 15, 2023 N/A· v4 7.7 HIGH· v3 N/A· v2 Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
CVE-2022-22307 1Ibm 1Security Guardium Nov 21, 2024 Jun 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.
CVE-2022-31646 1Hp 327Dragonfly Folio G3 2 In 1 Firmware Elite Dragonfly FirmwareElite Dragonfly G2 Firmware+324 more Dec 30, 2024 Jun 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2022-31644 1Hp 327Dragonfly Folio G3 2 In 1 Firmware Elite Dragonfly FirmwareElite Dragonfly G2 Firmware+324 more Dec 30, 2024 Jun 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2023-32061 1Discourse 1Discourse Nov 21, 2024 Jun 13, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy f...Show more Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.Show less
CVE-2023-24546 1Arista 1Cloudvision Portal Jan 6, 2025 Jun 13, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry a...Show more On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.Show less
CVE-2023-34965 1Sspanel Uim Project 1Sspanel Uim Nov 21, 2024 Jun 13, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information.
CVE-2023-32220 1Milesight 1Ncr/camera Firmware Jan 6, 2025 Jun 12, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.
CVE-2023-32219 1Mazda 1Mazda Firmware Jan 6, 2025 Jun 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A Mazda model (2015-2016) can be unlocked via an unspecified method.
CVE-2023-27716 1Kafkaui Lite Project 1Kafkaui Lite Jan 6, 2025 Jun 12, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it.
CVE-2023-29766 1Appcrossx 1Crossx Jan 6, 2025 Jun 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.
CVE-2023-29761 1Urbanandroid 1Sleep Jan 6, 2025 Jun 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-29759 1Flightaware 1Flightaware Jan 6, 2025 Jun 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.
CVE-2023-29758 1Leap 1Blue Light Filter Jan 6, 2025 Jun 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-29752 1Ekatox 1Facemoji Emoji Keyboard Jan 6, 2025 Jun 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
CVE-2023-32749 1Pydio 1Cells Jan 6, 2025 Jun 8, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbi...Show more Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.Show less
CVE-2023-34958 1Chamilo 1Chamilo Lms Jan 6, 2025 Jun 8, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.

Previous 1...899091...152 Next