Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-22 | CVE-2020-12053 | Incorrect Authorization vulnerability in Unisys Stealth In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. | 9.8 |
| 2020-06-19 | CVE-2020-13263 | Incorrect Authorization vulnerability in Gitlab An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | 8.8 |
| 2020-06-19 | CVE-2020-13277 | Incorrect Authorization vulnerability in Gitlab An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | 6.5 |
| 2020-06-18 | CVE-2020-3364 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. | 5.3 |
| 2020-06-18 | CVE-2020-3360 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. | 5.3 |
| 2020-06-17 | CVE-2020-6752 | Incorrect Authorization vulnerability in Openmicroscopy Omero In OMERO before 5.6.1, group owners can access members' data in other groups. | 3.8 |
| 2020-06-16 | CVE-2020-14214 | Incorrect Authorization vulnerability in Zammad Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. | 6.5 |
| 2020-06-16 | CVE-2020-7499 | Incorrect Authorization vulnerability in Schneider-Electric products A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes. | 6.5 |
| 2020-06-10 | CVE-2020-0115 | Incorrect Authorization vulnerability in Google Android In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. | 7.8 |
| 2020-06-08 | CVE-2020-13696 | Incorrect Authorization vulnerability in multiple products An issue was discovered in LinuxTV xawtv before 3.107. | 4.4 |