Latest Incorrect Authorization Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-14 | CVE-2020-13313 | Incorrect Authorization vulnerability in Gitlab 13.1.0/13.1.1 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | |
| 2020-09-14 | CVE-2020-13318 | Incorrect Authorization vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. | |
| 2020-09-14 | CVE-2020-13300 | Incorrect Authorization vulnerability in Gitlab GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | |
| 2020-09-14 | CVE-2020-13284 | Incorrect Authorization vulnerability in Gitlab 13.1.0/13.1.1 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | |
| 2020-09-11 | CVE-2020-25251 | Incorrect Authorization vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. | |
| 2020-09-09 | CVE-2020-15163 | Incorrect Authorization vulnerability in Linuxfoundation the Update Framework Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. | |
| 2020-09-09 | CVE-2020-14292 | Incorrect Authorization vulnerability in Health Covidsafe In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone. | |
| 2020-09-09 | CVE-2020-6311 | Incorrect Authorization vulnerability in SAP products Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version ? 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. | |
| 2020-09-09 | CVE-2020-6320 | Incorrect Authorization vulnerability in SAP Marketing 130/140/150 SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. | |
| 2020-09-08 | CVE-2019-10596 | Incorrect Authorization vulnerability in Qualcomm products u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |