Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2019-09-27 CVE-2019-9272 Incorrect Authorization vulnerability in Google Android 10.0
In WiFi, there is a possible leak of WiFi state due to a permissions bypass.
local
low complexity
google CWE-863
5.5
2019-09-25 CVE-2019-12671 Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS).
local
low complexity
cisco CWE-863
7.8
2019-09-25 CVE-2019-15941 Incorrect Authorization vulnerability in multiple products
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request.
network
low complexity
lemonldap-ng debian CWE-863
critical
9.8
2019-09-25 CVE-2019-12648 Incorrect Authorization vulnerability in Cisco IOS 15.7(3)M3
A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device.
network
low complexity
cisco CWE-863
8.8
2019-09-25 CVE-2019-16884 Incorrect Authorization vulnerability in multiple products
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
7.5
2019-09-20 CVE-2016-10996 Incorrect Authorization vulnerability in Optinmonster
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.
network
low complexity
optinmonster CWE-863
5.3
2019-09-17 CVE-2019-15729 Incorrect Authorization vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1.
network
low complexity
gitlab CWE-863
7.5
2019-09-12 CVE-2019-14237 Incorrect Authorization vulnerability in NXP products
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution.
network
low complexity
nxp CWE-863
critical
9.8
2019-09-12 CVE-2019-14236 Incorrect Authorization vulnerability in ST products
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.
network
low complexity
st CWE-863
critical
9.8
2019-09-11 CVE-2019-1289 Incorrect Authorization vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-863
5.5