Vulnerabilities > Incorrect Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-10-08 | CVE-2020-3467 | Incorrect Authorization vulnerability in Cisco Identity Services Engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. | network | low | cisco | CWE-863 | 7.7 |
| 2020-10-07 | CVE-2020-13335 | Incorrect Authorization vulnerability in GitLab | Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting/transferring their group. | network | low | gitlab | CWE-863 | 4.3 |
| 2020-10-07 | CVE-2020-13334 | Incorrect Authorization vulnerability in GitLab | In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a mutation GraphQL query. | network | low | gitlab | CWE-863 | 7.5 |
| 2020-10-06 | CVE-2019-19200 | Incorrect Authorization vulnerability in REDDOXX MailDepot 2032 | REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users. | network | low | reddoxx | CWE-863 | 8.8 |
| 2020-10-01 | CVE-2020-15664 | Incorrect Authorization vulnerability in Mozilla Firefox and Firefox ESR | By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. | network | low | mozilla | CWE-863 | 6.5 |
| 2020-09-30 | CVE-2020-13322 | Incorrect Authorization vulnerability in GitLab | A vulnerability was discovered in GitLab versions after 12.9. | network | low | gitlab | CWE-863 | 7.2 |
| 2020-09-27 | CVE-2020-26121 | Incorrect Authorization vulnerability in multiple products | An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. | network | low | mediawiki, fedoraproject | CWE-863 | 7.5 |
| 2020-09-27 | CVE-2020-25869 | Incorrect Authorization vulnerability in multiple products | An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | network | low | mediawiki, fedoraproject | CWE-863 | 7.5 |
| 2020-09-24 | CVE-2020-3477 | Incorrect Authorization vulnerability in Cisco IOS 16.3.11 | A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. | local | low | cisco | CWE-863 | 5.5 |
| 2020-09-24 | CVE-2020-3474 | Incorrect Authorization vulnerability in Cisco IOS XE | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. | network | low | cisco | CWE-863 | 8.1 |