Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-10 | CVE-2019-5220 | Incorrect Authorization vulnerability in Huawei products There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. | 4.6 |
| 2019-07-09 | CVE-2019-9149 | Incorrect Authorization vulnerability in Mailvelope Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. | 6.5 |
| 2019-07-09 | CVE-2019-13337 | Incorrect Authorization vulnerability in Weseek Growi In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). | 7.5 |
| 2019-07-03 | CVE-2019-5602 | Incorrect Authorization vulnerability in Freebsd 11.2/11.3/12.0 In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges. | 8.8 |
| 2019-07-02 | CVE-2019-7258 | Incorrect Authorization vulnerability in Nortekcontrol products Linear eMerge E3-Series devices allow Privilege Escalation. | 8.8 |
| 2019-06-28 | CVE-2019-10964 | Incorrect Authorization vulnerability in Medtronic products In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. | 8.8 |
| 2019-06-27 | CVE-2019-5838 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. | 4.3 |
| 2019-06-20 | CVE-2019-1626 | Incorrect Authorization vulnerability in Cisco Sd-Wan Firmware A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. | 8.8 |
| 2019-06-12 | CVE-2019-6582 | Incorrect Authorization vulnerability in Siemens products A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). | 7.1 |
| 2019-06-06 | CVE-2019-12492 | Incorrect Authorization vulnerability in Gallagher Command Centre Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services. | 6.5 |