Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-07 | CVE-2019-1912 | Incorrect Authorization vulnerability in Cisco products. A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. | 9.1 |
2019-07-26 | CVE-2019-13386 | Incorrect Authorization vulnerability in Centos-Webpanel Centos web Panel 0.9.8.846. In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege. | 8.8 |
2019-07-23 | CVE-2019-11724 | Incorrect Authorization vulnerability in multiple products. Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. | 6.1 |
2019-07-17 | CVE-2019-1010084 | Incorrect Authorization vulnerability in Dancer::Plugin::Simplecrud Project Dancer::Plugin::Simplecrud. Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. | 6.5 |
2019-07-10 | CVE-2019-5220 | Incorrect Authorization vulnerability in Huawei products. There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. | 4.6 |
2019-07-09 | CVE-2019-9149 | Incorrect Authorization vulnerability in Mailvelope. Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. | 6.5 |
2019-07-09 | CVE-2019-13337 | Incorrect Authorization vulnerability in Weseek Growi. In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). | 7.5 |
2019-07-03 | CVE-2019-5602 | Incorrect Authorization vulnerability in Freebsd 11.2/11.3/12.0. In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present, thereby allowing a malicious user in the operator group to gain root privileges. | 8.8 |
2019-07-02 | CVE-2019-7258 | Incorrect Authorization vulnerability in Nortekcontrol products. Linear eMerge E3-Series devices allow Privilege Escalation. | 8.8 |
2019-06-28 | CVE-2019-10964 | Incorrect Authorization vulnerability in Medtronic products. In Medtronic MiniMed 508 and Medtronic MiniMed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump – All versions, MiniMed Paradigm 515/715 pumps – All versions, MiniMed Paradigm 522/722 pumps – All versions, MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. | 8.8 |