Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-21 | CVE-2019-1667 | Incorrect Authorization vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. | 3.3 |
| 2019-02-18 | CVE-2019-0105 | Incorrect Authorization vulnerability in Intel Data Center Manager Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2019-02-08 | CVE-2019-7639 | Incorrect Authorization vulnerability in multiple products An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. | 8.1 |
| 2019-01-28 | CVE-2018-10910 | Incorrect Authorization vulnerability in multiple products A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. | 3.3 |
| 2019-01-22 | CVE-2018-14666 | Incorrect Authorization vulnerability in Redhat Satellite An improper authorization flaw was found in the Smart Class feature of Foreman. | 7.2 |
| 2019-01-18 | CVE-2017-8276 | Incorrect Authorization vulnerability in Qualcomm products Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016. | 7.8 |
| 2019-01-16 | CVE-2018-5741 | Incorrect Authorization vulnerability in ISC Bind To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. | 6.5 |
| 2019-01-10 | CVE-2018-20685 | Incorrect Authorization vulnerability in multiple products In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . | 5.3 |
| 2019-01-09 | CVE-2018-1000420 | Incorrect Authorization vulnerability in Apache Mesos An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | 6.5 |
| 2019-01-09 | CVE-2018-1000418 | Incorrect Authorization vulnerability in Atlassian Hipchat An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |