Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-14 | CVE-2020-0097 | Incorrect Authorization vulnerability in Google Android 10.0/9.0 In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. | 7.8 |
| 2020-05-14 | CVE-2020-12876 | Incorrect Authorization vulnerability in Veritas Aptare Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. | 7.5 |
| 2020-05-14 | CVE-2020-12875 | Incorrect Authorization vulnerability in Veritas Aptare Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. | 6.3 |
| 2020-05-13 | CVE-2020-1998 | Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. | 8.8 |
| 2020-05-12 | CVE-2020-8151 | Incorrect Authorization vulnerability in multiple products There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. | 7.5 |
| 2020-05-07 | CVE-2020-12691 | Incorrect Authorization vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 8.8 |
| 2020-05-06 | CVE-2020-7921 | Incorrect Authorization vulnerability in Mongodb Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. | 5.3 |
| 2020-05-06 | CVE-2020-4446 | Incorrect Authorization vulnerability in IBM products IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. | 4.3 |
| 2020-05-06 | CVE-2020-2188 | Incorrect Authorization vulnerability in Jenkins Amazon EC2 A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
| 2020-05-04 | CVE-2020-5343 | Incorrect Authorization vulnerability in Dell OS Recovery Image for Microsoft Windows 10 Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. | 7.8 |