Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-10 | CVE-2020-12780 | Incorrect Authorization vulnerability in Combodo Itop A security misconfiguration exists in Combodo iTop, which can expose sensitive information. | 7.5 |
2020-07-31 | CVE-2020-3386 | Incorrect Authorization vulnerability in Cisco Data Center Network Manager A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. | 8.8 |
2020-07-31 | CVE-2020-3374 | Incorrect Authorization vulnerability in Cisco Sd-Wan A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. | 9.9 |
2020-07-29 | CVE-2020-14486 | Incorrect Authorization vulnerability in Openclinic GA Project Openclinic GA 5.09.02/5.89.05B An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands. | 8.8 |
2020-07-27 | CVE-2020-15120 | Incorrect Authorization vulnerability in Ihatemoney I Hate Money In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. | 4.9 |
2020-07-22 | CVE-2020-15126 | Incorrect Authorization vulnerability in Parseplatform Parse Server In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object. | 6.5 |
2020-07-17 | CVE-2020-15110 | Incorrect Authorization vulnerability in Jupyterhub Kubespawner In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. | 8.1 |
2020-07-16 | CVE-2020-3150 | Incorrect Authorization vulnerability in Cisco Rv110W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. | 5.9 |
2020-07-16 | CVE-2020-3140 | Incorrect Authorization vulnerability in Cisco Prime License Manager A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. | 9.8 |
2020-07-15 | CVE-2020-2228 | Incorrect Authorization vulnerability in Jenkins Gitlab Authentication Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | 8.8 |