Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-02 | CVE-2020-29454 | Incorrect Authorization vulnerability in Umbraco CMS Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access. | 4.3 |
| 2020-12-01 | CVE-2020-26250 | Incorrect Authorization vulnerability in Jupyter Oauthenticator 0.12.0/0.12.1 OAuthenticator is an OAuth login mechanism for JupyterHub. | 6.3 |
| 2020-11-28 | CVE-2020-29374 | Incorrect Authorization vulnerability in multiple products An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. | 3.6 |
| 2020-11-23 | CVE-2020-28053 | Incorrect Authorization vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. | 6.5 |
| 2020-11-19 | CVE-2020-25701 | Incorrect Authorization vulnerability in multiple products If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. | 5.3 |
| 2020-11-19 | CVE-2020-25699 | Incorrect Authorization vulnerability in multiple products In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. | 7.5 |
| 2020-11-19 | CVE-2020-8278 | Incorrect Authorization vulnerability in Nextcloud Social 0.3.1 Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | 5.3 |
| 2020-11-12 | CVE-2020-11209 | Incorrect Authorization vulnerability in Qualcomm products Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 | 5.5 |
| 2020-11-09 | CVE-2020-25655 | Incorrect Authorization vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0 An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. | 6.5 |
| 2020-11-06 | CVE-2020-3600 | Incorrect Authorization vulnerability in Cisco Sd-Wan A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. | 7.8 |