Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-07-29 CVE-2020-14486 Incorrect Authorization vulnerability in Openclinic GA Project Openclinic GA 5.09.02/5.89.05B
An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.
network
low complexity
openclinic-ga-project CWE-863
8.8
2020-07-27 CVE-2020-15120 Incorrect Authorization vulnerability in Ihatemoney I Hate Money
In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code.
network
low complexity
ihatemoney CWE-863
4.9
2020-07-22 CVE-2020-15126 Incorrect Authorization vulnerability in Parseplatform Parse Server
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object.
network
low complexity
parseplatform CWE-863
6.5
2020-07-17 CVE-2020-15110 Incorrect Authorization vulnerability in Jupyterhub Kubespawner
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames.
network
low complexity
jupyterhub CWE-863
8.1
2020-07-16 CVE-2020-3150 Incorrect Authorization vulnerability in Cisco Rv110W Firmware and Rv215W Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration.
network
high complexity
cisco CWE-863
5.9
2020-07-16 CVE-2020-3140 Incorrect Authorization vulnerability in Cisco Prime License Manager
A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
network
low complexity
cisco CWE-863
critical
9.8
2020-07-15 CVE-2020-2228 Incorrect Authorization vulnerability in Jenkins Gitlab Authentication
Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
network
low complexity
jenkins CWE-863
8.8
2020-07-09 CVE-2020-7692 Incorrect Authorization vulnerability in Google Oauth Client Library for Java
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps.
network
low complexity
google CWE-863
critical
9.1
2020-07-07 CVE-2020-15513 Incorrect Authorization vulnerability in Mittwald Typo3 Forum
The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control.
network
low complexity
mittwald CWE-863
5.3
2020-07-06 CVE-2020-5372 Incorrect Authorization vulnerability in Dell products
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network.
network
low complexity
dell CWE-863
7.5