Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-14 | CVE-2020-13313 | Incorrect Authorization vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 4.3 |
| 2020-09-14 | CVE-2020-13300 | Incorrect Authorization vulnerability in Gitlab 13.3.0/13.3.1/13.3.2 GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | 10.0 |
| 2020-09-14 | CVE-2020-13284 | Incorrect Authorization vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 6.5 |
| 2020-09-13 | CVE-2020-25284 | Incorrect Authorization vulnerability in multiple products The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | 4.1 |
| 2020-09-04 | CVE-2020-3530 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. | 8.4 |
| 2020-09-04 | CVE-2020-3473 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. | 7.8 |
| 2020-09-04 | CVE-2020-24941 | Incorrect Authorization vulnerability in Laravel An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. | 7.5 |
| 2020-09-03 | CVE-2020-5418 | Incorrect Authorization vulnerability in Cloudfoundry Capi-Release Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none). | 4.3 |
| 2020-09-02 | CVE-2020-25025 | Incorrect Authorization vulnerability in Localization Manager Project Localization Manager The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). | 4.3 |
| 2020-08-31 | CVE-2020-25055 | Incorrect Authorization vulnerability in Google Android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. | 9.8 |