Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2019-11-15 CVE-2011-2726 Incorrect Authorization vulnerability in multiple products
An access bypass issue was found in Drupal 7.x before version 7.5.
network
low complexity
drupal debian redhat fedoraproject CWE-863
7.5
2019-11-14 CVE-2019-18949 Incorrect Authorization vulnerability in SnowHaze
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.
network
low complexity
snowhaze CWE-863
7.5
2019-11-14 CVE-2011-1070 Incorrect Authorization vulnerability in multiple products
v86d before 0.1.10 does not verify whether received netlink messages were sent by the kernel.
local
low complexity
v86d-project debian CWE-863
7.8
2019-11-13 CVE-2019-5231 Incorrect Authorization vulnerability in Huawei P30 Firmware
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability.
low complexity
huawei CWE-863
4.6
2019-11-12 CVE-2018-18819 Incorrect Authorization vulnerability in Mitel MiCollab and MiVoice Business Express
A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls.
network
low complexity
mitel CWE-863
5.3
2019-11-09 CVE-2019-4509 Incorrect Authorization vulnerability in IBM QRadar Security Information and Event Manager 7.3.0/7.3.1/7.3.2
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information.
network
low complexity
ibm CWE-863
4.3
2019-11-06 CVE-2019-12419 Incorrect Authorization vulnerability in multiple products
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service.
network
low complexity
apache oracle CWE-863
critical
9.8
2019-10-31 CVE-2010-2548 Incorrect Authorization vulnerability in Red Hat IcedTea6 1.7
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
network
low complexity
redhat CWE-863
critical
9.1
2019-10-31 CVE-2018-21030 Incorrect Authorization vulnerability in Jupyter Notebook
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin.
network
low complexity
jupyter CWE-863
5.3
2019-10-29 CVE-2019-5533 Incorrect Authorization vulnerability in VMware SD-WAN by VeloCloud
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts.
network
low complexity
vmware CWE-863
4.3