Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-25 | CVE-2019-5864 | Incorrect Authorization vulnerability in Google Chrome Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | 4.3 |
| 2019-11-25 | CVE-2019-13716 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
| 2019-11-22 | CVE-2015-1780 | Incorrect Authorization vulnerability in Redhat Ovirt-Engine and Virtualization oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | 4.0 |
| 2019-11-21 | CVE-2019-16538 | Incorrect Authorization vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 |
| 2019-11-21 | CVE-2012-2238 | Incorrect Authorization vulnerability in Tryton Trytond 2.4.0/2.4.1 trytond 2.4: ModelView.button fails to validate authorization | 5.0 |
| 2019-11-15 | CVE-2011-2726 | Incorrect Authorization vulnerability in multiple products An access bypass issue was found in Drupal 7.x before version 7.5. | 5.0 |
| 2019-11-14 | CVE-2011-1070 | Incorrect Authorization vulnerability in multiple products v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. | 7.2 |
| 2019-11-13 | CVE-2019-5231 | Incorrect Authorization vulnerability in Huawei P30 Firmware P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. | 2.1 |
| 2019-11-12 | CVE-2018-18819 | Incorrect Authorization vulnerability in Mitel Micollab and Mivoice Business Express A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. | 5.0 |
| 2019-11-09 | CVE-2019-4509 | Incorrect Authorization vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. | 4.0 |