Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-16 | CVE-2020-3150 | Incorrect Authorization vulnerability in Cisco Rv110W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. | 5.9 |
| 2020-07-16 | CVE-2020-3140 | Incorrect Authorization vulnerability in Cisco Prime License Manager A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. | 9.8 |
| 2020-07-15 | CVE-2020-2228 | Incorrect Authorization vulnerability in Jenkins Gitlab Authentication Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | 8.8 |
| 2020-07-09 | CVE-2020-7692 | Incorrect Authorization vulnerability in Google Oauth Client Library for Java PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. | 9.1 |
| 2020-07-07 | CVE-2020-15513 | Incorrect Authorization vulnerability in Mittwald Typo3 Forum The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control. | 5.3 |
| 2020-07-06 | CVE-2020-5372 | Incorrect Authorization vulnerability in Dell products Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. | 7.5 |
| 2020-07-01 | CVE-2020-14196 | Incorrect Authorization vulnerability in Powerdns Recursor In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. | 5.3 |
| 2020-06-30 | CVE-2020-15084 | Incorrect Authorization vulnerability in Auth0 Express-Jwt In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. | 9.1 |
| 2020-06-22 | CVE-2020-12053 | Incorrect Authorization vulnerability in Unisys Stealth In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. | 9.8 |
| 2020-06-19 | CVE-2020-13263 | Incorrect Authorization vulnerability in Gitlab An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | 8.8 |