Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-25 | CVE-2019-15941 | Incorrect Authorization vulnerability in multiple products OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. | 7.5 |
| 2019-09-25 | CVE-2019-12648 | Incorrect Authorization vulnerability in Cisco IOS 15.7(3)M3 A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. | 9.0 |
| 2019-09-25 | CVE-2019-16884 | Incorrect Authorization vulnerability in multiple products runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | 7.5 |
| 2019-09-20 | CVE-2016-10996 | Incorrect Authorization vulnerability in Optinmonster The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | 5.0 |
| 2019-09-12 | CVE-2019-14237 | Incorrect Authorization vulnerability in NXP products On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution. | 7.5 |
| 2019-09-12 | CVE-2019-14236 | Incorrect Authorization vulnerability in ST products On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. | 7.5 |
| 2019-09-11 | CVE-2019-1289 | Incorrect Authorization vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. | 3.6 |
| 2019-09-09 | CVE-2019-16114 | Incorrect Authorization vulnerability in Atutor In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. | 7.5 |
| 2019-09-06 | CVE-2019-14813 | Incorrect Authorization vulnerability in multiple products A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 9.8 |
| 2019-09-05 | CVE-2019-2175 | Incorrect Authorization vulnerability in Google Android 9.0 In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. | 4.4 |