Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-12 | CVE-2018-17950 | Incorrect Authorization vulnerability in Microfocus Edirectory Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | 7.5 |
| 2018-12-12 | CVE-2018-18397 | Incorrect Authorization vulnerability in multiple products The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. | 5.5 |
| 2018-12-11 | CVE-2018-2494 | Incorrect Authorization vulnerability in SAP Business Application Software Integrated Solution Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform. | 8.0 |
| 2018-12-07 | CVE-2018-7079 | Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager Aruba ClearPass Policy Manager guest authorization failure. | 7.2 |
| 2018-11-30 | CVE-2018-15767 | Incorrect Authorization vulnerability in Dell Openmanage Network Manager 6.5.0/6.5.2 The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. | 8.8 |
| 2018-11-28 | CVE-2018-14748 | Incorrect Authorization vulnerability in Qnap QTS Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. | 7.5 |
| 2018-11-27 | CVE-2018-7988 | Incorrect Authorization vulnerability in Huawei Mate 9 PRO Firmware and Nova 2 Plus Firmware There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. | 4.6 |
| 2018-11-27 | CVE-2018-13356 | Incorrect Authorization vulnerability in Terra-Master Terramaster Operating System 3.1.03 Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. | 8.8 |
| 2018-11-26 | CVE-2018-13324 | Incorrect Authorization vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. | 9.8 |
| 2018-11-16 | CVE-2018-18955 | Incorrect Authorization vulnerability in multiple products In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. | 7.0 |