Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-16 | CVE-2020-10239 | Incorrect Authorization vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.16. | 8.8 |
| 2020-03-13 | CVE-2020-5240 | Incorrect Authorization vulnerability in Labdigital Wagtail-2Fa In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. | 8.5 |
| 2020-03-12 | CVE-2020-10534 | Incorrect Authorization vulnerability in Mediawiki In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. | 9.8 |
| 2020-03-10 | CVE-2020-0087 | Incorrect Authorization vulnerability in Google Android 10.0 In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. | 5.5 |
| 2020-03-10 | CVE-2020-0036 | Incorrect Authorization vulnerability in Google Android In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. | 7.8 |
| 2020-03-10 | CVE-2019-13001 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. | 4.3 |
| 2020-03-09 | CVE-2020-2148 | Incorrect Authorization vulnerability in Jenkins mac A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | 4.3 |
| 2020-03-09 | CVE-2020-2135 | Incorrect Authorization vulnerability in Jenkins Script Security Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | 8.8 |
| 2020-03-09 | CVE-2020-2134 | Incorrect Authorization vulnerability in Jenkins Script Security Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. | 8.8 |
| 2020-03-04 | CVE-2020-5251 | Incorrect Authorization vulnerability in Parseplatform Parse-Server In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. | 5.3 |