Vulnerabilities > Improper Authorization

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-08-01 | CVE-2018-20927 | Improper Authorization vulnerability in cPanel | cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | local | low complexity | cpanel | CWE-285 | 3.8 |
| 2019-08-01 | CVE-2016-10848 | Improper Authorization vulnerability in cPanel | cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | network | low complexity | cpanel | CWE-285 | 7.2 |
| 2019-08-01 | CVE-2016-10859 | Improper Authorization vulnerability in cPanel | cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). | network | low complexity | cpanel | CWE-285 | 8.1 |
| 2019-07-20 | CVE-2018-17210 | Improper Authorization vulnerability in PrinterOn Central Print Services 2.5/4.1.4 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. | network | low complexity | printeron | CWE-285 | 8.8 |
| 2019-07-10 | CVE-2018-19581 | Improper Authorization vulnerability in GitLab | GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | network | low complexity | gitlab | CWE-285 | 7.5 |
| 2019-07-10 | CVE-2018-19578 | Improper Authorization vulnerability in GitLab 11.5.0 | GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | network | low complexity | gitlab | CWE-285 | 6.5 |
| 2019-07-10 | CVE-2018-19569 | Improper Authorization vulnerability in GitLab | GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | network | low complexity | gitlab | CWE-285 | 8.8 |
| 2019-07-03 | CVE-2017-9325 | Improper Authorization vulnerability in Cloudera CDH | The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. | network | low complexity | cloudera | CWE-285 | 7.5 |
| 2019-07-02 | CVE-2017-8409 | Improper Authorization vulnerability in D-Link DCS-1130 Firmware | An issue was discovered on D-Link DCS-1130 devices. | network | low complexity | dlink | CWE-285 | 7.5 |
| 2019-06-27 | CVE-2018-16086 | Improper Authorization vulnerability in Google Chrome | Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | network | low complexity | google | CWE-285 | 5.4 |