Vulnerabilities > Improper Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-10 | CVE-2018-19581 | Improper Authorization vulnerability in Gitlab GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | 7.5 |
| 2019-07-10 | CVE-2018-19578 | Improper Authorization vulnerability in Gitlab 11.5.0 GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | 6.5 |
| 2019-07-10 | CVE-2018-19569 | Improper Authorization vulnerability in Gitlab GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | 8.8 |
| 2019-07-03 | CVE-2017-9325 | Improper Authorization vulnerability in Cloudera CDH The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. | 7.5 |
| 2019-07-02 | CVE-2017-8409 | Improper Authorization vulnerability in Dlink Dcs-1130 Firmware An issue was discovered on D-Link DCS-1130 devices. | 7.5 |
| 2019-06-27 | CVE-2018-16086 | Improper Authorization vulnerability in Google Chrome Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 5.4 |
| 2019-06-27 | CVE-2018-16077 | Improper Authorization vulnerability in Google Chrome Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 6.5 |
| 2019-06-27 | CVE-2018-16074 | Improper Authorization vulnerability in Google Chrome Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 6.5 |
| 2019-06-27 | CVE-2018-16073 | Improper Authorization vulnerability in Google Chrome Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 6.5 |
| 2019-06-14 | CVE-2018-13908 | Improper Authorization vulnerability in Qualcomm products Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | 7.8 |