Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2019-07-02 CVE-2019-7258 Incorrect Authorization vulnerability in Nortekcontrol products
Linear eMerge E3-Series devices allow Privilege Escalation.
network
low complexity
nortekcontrol CWE-863
8.8
2019-06-28 CVE-2019-10964 Incorrect Authorization vulnerability in Medtronic products
In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices.
low complexity
medtronic CWE-863
8.8
2019-06-27 CVE-2019-5838 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian CWE-863
4.3
2019-06-20 CVE-2019-1626 Incorrect Authorization vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device.
network
low complexity
cisco CWE-863
8.8
2019-06-12 CVE-2019-6582 Incorrect Authorization vulnerability in Siemens products
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a).
network
low complexity
siemens CWE-863
7.1
2019-06-06 CVE-2019-12492 Incorrect Authorization vulnerability in Gallagher Command Centre
Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.
network
high complexity
gallagher CWE-863
6.5
2019-06-04 CVE-2018-13382 Incorrect Authorization vulnerability in Fortinet Fortios and Fortiproxy
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests
network
low complexity
fortinet CWE-863
7.5
2019-05-22 CVE-2019-3403 Incorrect Authorization vulnerability in Atlassian Jira
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
network
low complexity
atlassian CWE-863
5.3
2019-05-22 CVE-2019-3401 Incorrect Authorization vulnerability in Atlassian Jira
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
network
low complexity
atlassian CWE-863
5.3
2019-04-23 CVE-2019-7304 Incorrect Authorization vulnerability in Canonical Snapd
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root.
network
low complexity
canonical CWE-863
critical
9.8