Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-03 | CVE-2020-8142 | Incorrect Authorization vulnerability in Revive-Adserver Revive Adserver A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. | 4.6 |
2020-04-01 | CVE-2018-11802 | Incorrect Authorization vulnerability in Apache Solr In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. | 4.0 |
2020-03-30 | CVE-2020-5275 | Incorrect Authorization vulnerability in Sensiolabs Symfony In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks an access control rule, it iterates over each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been taken into account in an unanimous strategy. | 8.1 |
2020-03-27 | CVE-2020-10952 | Incorrect Authorization vulnerability in Gitlab GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. | 5.8 |
2020-03-26 | CVE-2020-1800 | Incorrect Authorization vulnerability in Huawei P30 Firmware HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. | 6.8 |
2020-03-24 | CVE-2020-10839 | Incorrect Authorization vulnerability in Google Android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. | 4.6 |
2020-03-20 | CVE-2020-10194 | Incorrect Authorization vulnerability in Zimbra Zm-Mailbox cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. | 4.0 |
2020-03-20 | CVE-2020-1796 | Incorrect Authorization vulnerability in Huawei Mate 20 Firmware and Mate 30 PRO Firmware There is an improper authorization vulnerability in several smartphones. | 4.6 |
2020-03-19 | CVE-2019-11361 | Incorrect Authorization vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.258 Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | 6.5 |
2020-03-18 | CVE-2019-14883 | Incorrect Authorization vulnerability in Moodle A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. | 4.3 |