Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-17 | CVE-2018-15468 | Incorrect Authorization vulnerability in XEN An issue was discovered in Xen through 4.11.x. | 6.0 |
| 2018-08-09 | CVE-2018-10925 | Incorrect Authorization vulnerability in multiple products It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... | 8.1 |
| 2018-08-08 | CVE-2018-3778 | Incorrect Authorization vulnerability in Aedes Project Aedes Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | 5.3 |
| 2018-08-03 | CVE-2018-5489 | Incorrect Authorization vulnerability in Netapp 7-Mode Transition Tool NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. | 6.5 |
| 2018-07-31 | CVE-2018-7957 | Incorrect Authorization vulnerability in Huawei Victoria-Al00 Firmware Victoriaal008.0.0.336A(C00) Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. | 3.3 |
| 2018-07-31 | CVE-2017-17708 | Incorrect Authorization vulnerability in Pleasantsolutions Pleasant Password Server Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3. | 4.3 |
| 2018-07-27 | CVE-2017-2632 | Incorrect Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. | 4.9 |
| 2018-07-24 | CVE-2018-11047 | Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry UAA Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. | 7.5 |
| 2018-07-24 | CVE-2017-3183 | Incorrect Authorization vulnerability in Sage XRT Treasury 3.0 Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. | 8.8 |
| 2018-07-23 | CVE-2018-1999004 | Incorrect Authorization vulnerability in multiple products A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches. | 4.3 |