Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-07 | CVE-2020-13334 | Incorrect Authorization vulnerability in Gitlab In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query | 7.5 |
| 2020-10-06 | CVE-2019-19200 | Incorrect Authorization vulnerability in Reddoxx Maildepot 2032 REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users. | 8.8 |
| 2020-10-01 | CVE-2020-15664 | Incorrect Authorization vulnerability in Mozilla Firefox and Firefox ESR By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. | 6.5 |
| 2020-09-30 | CVE-2020-13322 | Incorrect Authorization vulnerability in Gitlab A vulnerability was discovered in GitLab versions after 12.9. | 7.2 |
| 2020-09-27 | CVE-2020-26121 | Incorrect Authorization vulnerability in multiple products An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. | 7.5 |
| 2020-09-27 | CVE-2020-25869 | Incorrect Authorization vulnerability in multiple products An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | 7.5 |
| 2020-09-24 | CVE-2020-3477 | Incorrect Authorization vulnerability in Cisco IOS 16.3.11 A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. | 5.5 |
| 2020-09-24 | CVE-2020-3474 | Incorrect Authorization vulnerability in Cisco IOS XE Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. | 8.1 |
| 2020-09-24 | CVE-2020-3404 | Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1 A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. | 7.8 |
| 2020-09-22 | CVE-2020-4621 | Incorrect Authorization vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. | 8.8 |