Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-02-24 | CVE-2020-9381 | Incorrect Authorization vulnerability in Totaljs Total.Js CMS 13.0.0 | controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. | 7.5 |
2020-02-24 | CVE-2019-4745 | Incorrect Authorization vulnerability in IBM products | IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. | 4.3 |
2020-02-21 | CVE-2014-7914 | Incorrect Authorization vulnerability in Google Android | btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. | 8.1 |
2020-02-20 | CVE-2020-5242 | Incorrect Authorization vulnerability in Openhab | openHAB before 2.5.2 allows a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. | 8.8 |
2020-02-18 | CVE-2013-4228 | Incorrect Authorization vulnerability in Organic Groups Project Organic Groups 7.X2.0/7.X2.1/7.X2.2 | The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. | 4.3 |
2020-02-14 | CVE-2020-7251 | Incorrect Authorization vulnerability in Mcafee Endpoint Security | Improper access control vulnerability in Configuration Tool in McAfee Endpoint Security (ENS) prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. | 5.5 |
2020-02-11 | CVE-2020-6380 | Incorrect Authorization vulnerability in multiple products | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension. | 8.8 |
2020-02-06 | CVE-2020-5318 | Incorrect Authorization vulnerability in Dell EMC Isilon Onefs | Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. | 7.5 |
2020-02-04 | CVE-2020-8119 | Incorrect Authorization vulnerability in Nextcloud Server | Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | 4.3 |
2020-02-03 | CVE-2013-2673 | Incorrect Authorization vulnerability in Brother Mfc-9970Cdw Firmware 1.10 | Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. | 6.8 |