Vulnerabilities > Improper Authorization

DATE CVE VULNERABILITY TITLE RISK
2019-08-15 CVE-2018-14670 Improper Authorization vulnerability in Yandex Clickhouse
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.
network
low complexity
yandex CWE-285
7.5
2019-08-13 CVE-2019-13416 Improper Authorization vulnerability in Search-Guard Search Guard
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).
3.5
2019-08-13 CVE-2019-13415 Improper Authorization vulnerability in Search-Guard Search Guard
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
3.5
2019-08-01 CVE-2018-20945 Improper Authorization vulnerability in Cpanel
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).
network
cpanel CWE-285
7.9
2019-08-01 CVE-2018-20927 Improper Authorization vulnerability in Cpanel
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
local
low complexity
cpanel CWE-285
2.1
2019-08-01 CVE-2016-10848 Improper Authorization vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
network
low complexity
cpanel CWE-285
critical
9.0
2019-08-01 CVE-2016-10859 Improper Authorization vulnerability in Cpanel
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).
network
low complexity
cpanel CWE-285
5.5
2019-07-30 CVE-2019-10162 Improper Authorization vulnerability in Powerdns Authoritative
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control.
network
low complexity
powerdns CWE-285
5.0
2019-07-20 CVE-2018-17210 Improper Authorization vulnerability in Printeron Central Print Services 2.5/4.1.4
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4.
network
low complexity
printeron CWE-285
6.5
2019-07-10 CVE-2018-19581 Improper Authorization vulnerability in Gitlab
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.
network
low complexity
gitlab CWE-285
5.0