Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-27 | CVE-2019-9364 | Incorrect Authorization vulnerability in Google Android 10.0 In AudioService, there is a possible trigger of background user audio due to a permissions bypass. | 3.3 |
| 2019-09-27 | CVE-2019-9272 | Incorrect Authorization vulnerability in Google Android 10.0 In WiFi, there is a possible leak of WiFi state due to a permissions bypass. | 5.5 |
| 2019-09-25 | CVE-2019-12671 | Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). | 7.8 |
| 2019-09-25 | CVE-2019-15941 | Incorrect Authorization vulnerability in multiple products OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. | 9.8 |
| 2019-09-25 | CVE-2019-12648 | Incorrect Authorization vulnerability in Cisco IOS 15.7(3)M3 A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. | 8.8 |
| 2019-09-25 | CVE-2019-16884 | Incorrect Authorization vulnerability in multiple products runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | 7.5 |
| 2019-09-20 | CVE-2016-10996 | Incorrect Authorization vulnerability in Optinmonster The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | 5.3 |
| 2019-09-17 | CVE-2019-15729 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. | 7.5 |
| 2019-09-12 | CVE-2019-14237 | Incorrect Authorization vulnerability in NXP products On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution. | 9.8 |
| 2019-09-12 | CVE-2019-14236 | Incorrect Authorization vulnerability in ST products On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. | 9.8 |