Vulnerabilities > Incorrect Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2019-10-29 | CVE-2009-3723 | Incorrect Authorization vulnerability in multiple products | asterisk allows calls on prohibited networks | sangoma, debian | CWE-863 | 7.5 (network, low complexity) |
| 2019-10-29 | CVE-2019-4311 | Incorrect Authorization vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. | ibm | CWE-863 | 5.3 (network, low complexity) |
| 2019-10-23 | CVE-2019-6144 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint 19.04/19.08 | This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. | forcepoint | CWE-863 | 6.5 (network, low complexity) |
| 2019-10-15 | CVE-2019-14832 | Incorrect Authorization vulnerability in Redhat Keycloak | A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. | redhat | CWE-863 | 7.5 (network, high complexity) |
| 2019-10-05 | CVE-2019-17191 | Incorrect Authorization vulnerability in Signal Private Messenger | The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. | signal | CWE-863 | 7.5 (network, low complexity) |
| 2019-09-27 | CVE-2019-9364 | Incorrect Authorization vulnerability in Google Android 10.0 | In AudioService, there is a possible trigger of background user audio due to a permissions bypass. | google | CWE-863 | 3.3 (local, low complexity) |
| 2019-09-27 | CVE-2019-9272 | Incorrect Authorization vulnerability in Google Android 10.0 | In WiFi, there is a possible leak of WiFi state due to a permissions bypass. | google | CWE-863 | 5.5 (local, low complexity) |
| 2019-09-25 | CVE-2019-12671 | Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). | cisco | CWE-863 | 7.8 (local, low complexity) |
| 2019-09-25 | CVE-2019-15941 | Incorrect Authorization vulnerability in multiple products | OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. | lemonldap-ng, debian | CWE-863 | 9.8 critical (network, low complexity) |
| 2019-09-25 | CVE-2019-12648 | Incorrect Authorization vulnerability in Cisco IOS 15.7(3)M3 | A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. | cisco | CWE-863 | 8.8 (network, low complexity) |