Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-31 | CVE-2020-7955 | Incorrect Authorization vulnerability in Hashicorp Consul: HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. | 5.3 |
2020-01-30 | CVE-2013-2198 | Incorrect Authorization vulnerability in Login Security Project Login Security: The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. | 9.8 |
2020-01-30 | CVE-2013-1350 | Incorrect Authorization vulnerability in Veraxsystems Network Management System: Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities. | 9.1 |
2020-01-29 | CVE-2013-2574 | Incorrect Authorization vulnerability in Foscam Fi8620 Firmware: An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. | 7.5 |
2020-01-29 | CVE-2020-2104 | Incorrect Authorization vulnerability in Jenkins: Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. | 4.3 |
2020-01-28 | CVE-2020-8086 | Incorrect Authorization vulnerability in multiple products: The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. | 9.8 |
2020-01-28 | CVE-2013-4862 | Incorrect Authorization vulnerability in Micasaverde Veralite Firmware 1.5.408: MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | 8.1 |
2020-01-28 | CVE-2019-5474 | Incorrect Authorization vulnerability in Gitlab: An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. | 6.5 |
2020-01-27 | CVE-2019-17190 | Incorrect Authorization vulnerability in Avast Secure Browser 76.0.1659.101: A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. | 7.8 |
2020-01-15 | CVE-2020-2097 | Incorrect Authorization vulnerability in Jenkins Sounds: Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 |