Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-30 | CVE-2020-5275 | Incorrect Authorization vulnerability in Sensiolabs Symfony In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. | 8.1 |
| 2020-03-27 | CVE-2020-10510 | Incorrect Authorization vulnerability in SUN Ehrd 8/9 Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. | 6.5 |
| 2020-03-20 | CVE-2020-1796 | Incorrect Authorization vulnerability in Huawei Mate 20 Firmware and Mate 30 PRO Firmware There is an improper authorization vulnerability in several smartphones. | 6.6 |
| 2020-03-19 | CVE-2019-11361 | Incorrect Authorization vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.258 Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | 8.8 |
| 2020-03-16 | CVE-2020-10239 | Incorrect Authorization vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.16. | 8.8 |
| 2020-03-13 | CVE-2020-5240 | Incorrect Authorization vulnerability in Labdigital Wagtail-2Fa In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. | 8.5 |
| 2020-03-12 | CVE-2020-10534 | Incorrect Authorization vulnerability in Mediawiki In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. | 9.8 |
| 2020-03-10 | CVE-2020-0087 | Incorrect Authorization vulnerability in Google Android 10.0 In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. | 5.5 |
| 2020-03-10 | CVE-2020-0036 | Incorrect Authorization vulnerability in Google Android In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. | 7.8 |
| 2020-03-10 | CVE-2019-13001 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. | 4.3 |