Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2016-6353 | Incorrect Authorization vulnerability in Cloudera CDH Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | 6.5 |
| 2019-11-26 | CVE-2016-4572 | Incorrect Authorization vulnerability in Cloudera CDH In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | 8.8 |
| 2019-11-26 | CVE-2016-3131 | Incorrect Authorization vulnerability in Cloudera CDH Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | 6.5 |
| 2019-11-26 | CVE-2011-3617 | Incorrect Authorization vulnerability in multiple products Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | 6.5 |
| 2019-11-25 | CVE-2019-5879 | Incorrect Authorization vulnerability in Google Chrome Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | 6.5 |
| 2019-11-25 | CVE-2019-5864 | Incorrect Authorization vulnerability in Google Chrome Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | 4.3 |
| 2019-11-25 | CVE-2019-13716 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
| 2019-11-22 | CVE-2015-1780 | Incorrect Authorization vulnerability in Redhat Ovirt-Engine and Virtualization oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | 6.5 |
| 2019-11-21 | CVE-2019-16538 | Incorrect Authorization vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 |
| 2019-11-21 | CVE-2012-2238 | Incorrect Authorization vulnerability in Tryton Trytond 2.4.0/2.4.1 trytond 2.4: ModelView.button fails to validate authorization | 7.5 |