Latest Incorrect Authorization Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-09-14 CVE-2020-13313 Incorrect Authorization vulnerability in Gitlab 13.1.0/13.1.1
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab
CWE-863
4.0
2020-09-14 CVE-2020-13318 Incorrect Authorization vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4.
4.9
2020-09-14 CVE-2020-13300 Incorrect Authorization vulnerability in Gitlab
GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
network
low complexity
gitlab
CWE-863
6.4
2020-09-14 CVE-2020-13284 Incorrect Authorization vulnerability in Gitlab 13.1.0/13.1.1
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab
CWE-863
5.5
2020-09-11 CVE-2020-25251 Incorrect Authorization vulnerability in Hyland Onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000.
network
low complexity
hyland
CWE-863
6.4
2020-09-09 CVE-2020-15163 Incorrect Authorization vulnerability in Linuxfoundation the Update Framework
The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time.
4.9
2020-09-09 CVE-2020-14292 Incorrect Authorization vulnerability in Health Covidsafe
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.
2.9
2020-09-09 CVE-2020-6311 Incorrect Authorization vulnerability in SAP products
Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version - 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals.
network
low complexity
sap
CWE-863
4.0
2020-09-09 CVE-2020-6320 Incorrect Authorization vulnerability in SAP Marketing 130/140/150
SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted.
network
low complexity
sap
CWE-863
5.5
2020-09-08 CVE-2019-10596 Incorrect Authorization vulnerability in Qualcomm products
Improper access control can lead signed process to guess pid of other processes and access their address space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
local
low complexity
qualcomm
CWE-863
7.2