Vulnerabilities > Improper Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-14 | CVE-2019-10159 | Improper Authorization vulnerability in Red Hat cfme-gemset and CloudForms: cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. | 4.3 |
2019-06-04 | CVE-2018-13382 | Improper Authorization vulnerability in Fortinet FortiOS: An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests. | 5.0 |
2019-05-22 | CVE-2017-8777 | Improper Authorization vulnerability in Open-Xchange OX Cloud: Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization. | 6.5 |
2019-04-03 | CVE-2015-5463 | Improper Authorization vulnerability in AxiomSL Axiom 9.5.3: AxiomSL's Axiom Java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on the global application, or (4) write/read/delete arbitrary files on the server hosting the application. | 7.5 |
2019-03-25 | CVE-2015-3954 | Improper Authorization vulnerability in Pfizer products: Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. | 10.0 |
2019-03-08 | CVE-2019-1604 | Improper Authorization vulnerability in Cisco NX-OS: A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. | 7.2 |
2019-03-08 | CVE-2019-1603 | Improper Authorization vulnerability in Cisco NX-OS: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. | 4.6 |
2019-01-15 | CVE-2018-14662 | Improper Authorization vulnerability in multiple products: It was found in Ceph versions before 13.2.4 that authenticated Ceph users with read-only permissions could steal dm-crypt encryption keys used in Ceph disk encryption. | 2.7 |
2018-10-29 | CVE-2016-10734 | Improper Authorization vulnerability in ProjectSend 582: ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. | 7.5 |
2018-09-10 | CVE-2016-7035 | Improper Authorization vulnerability in multiple products: An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. | 7.8 |