Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2019-07-09 CVE-2019-9149 Incorrect Authorization vulnerability in Mailvelope
Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API.
network
low complexity
mailvelope CWE-863
6.4
2019-07-03 CVE-2019-5602 Incorrect Authorization vulnerability in FreeBSD 11.2/11.3/12.0
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present, thereby allowing a malicious user in the operator group to gain root privileges.
network
low complexity
freebsd CWE-863
critical
9.0
2019-07-02 CVE-2019-7258 Incorrect Authorization vulnerability in Nortekcontrol products
Linear eMerge E3-Series devices allow Privilege Escalation.
network
low complexity
nortekcontrol CWE-863
8.8
2019-06-28 CVE-2019-10964 Incorrect Authorization vulnerability in Medtronic products
In Medtronic MiniMed 508 and Medtronic MiniMed Paradigm Insulin Pumps, versions: MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump – All versions, MiniMed Paradigm 515/715 pumps – All versions, MiniMed Paradigm 522/722 pumps – All versions, MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices.
low complexity
medtronic CWE-863
5.8
2019-06-27 CVE-2019-5838 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian CWE-863
4.3
2019-05-22 CVE-2019-3403 Incorrect Authorization vulnerability in Atlassian Jira
The /rest/api/2/user/picker REST resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
network
low complexity
atlassian CWE-863
5.0
2019-05-22 CVE-2019-3401 Incorrect Authorization vulnerability in Atlassian Jira and Jira Server
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
network
low complexity
atlassian CWE-863
5.0
2019-05-03 CVE-2019-1859 Incorrect Authorization vulnerability in Cisco products
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication.
network
low complexity
cisco CWE-863
6.5
2019-04-23 CVE-2019-7304 Incorrect Authorization vulnerability in Canonical Snapd
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root.
network
low complexity
canonical CWE-863
critical
9.8
2019-04-09 CVE-2019-3842 Incorrect Authorization vulnerability in multiple products
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable.
7.0