Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2020-6380 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.
network
low complexity
google fedoraproject CWE-863
8.8
2020-02-06 CVE-2020-5318 Incorrect Authorization vulnerability in Dell EMC Isilon Onefs
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations.
network
low complexity
dell CWE-863
7.5
2020-02-04 CVE-2020-8119 Incorrect Authorization vulnerability in Nextcloud Server
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
network
low complexity
nextcloud CWE-863
4.3
2020-02-03 CVE-2013-2673 Incorrect Authorization vulnerability in Brother Mfc-9970Cdw Firmware 1.10
Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.
low complexity
brother CWE-863
6.8
2020-01-31 CVE-2020-7955 Incorrect Authorization vulnerability in Hashicorp Consul
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure.
network
low complexity
hashicorp CWE-863
5.3
2020-01-30 CVE-2013-2198 Incorrect Authorization vulnerability in Login Security Project Login Security
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.
network
low complexity
login-security-project CWE-863
critical
9.8
2020-01-30 CVE-2013-1350 Incorrect Authorization vulnerability in Veraxsystems Network Management System
Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities
network
low complexity
veraxsystems CWE-863
critical
9.1
2020-01-29 CVE-2013-2574 Incorrect Authorization vulnerability in Foscam Fi8620 Firmware
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.
network
low complexity
foscam CWE-863
7.5
2020-01-29 CVE-2020-2104 Incorrect Authorization vulnerability in Jenkins
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.
network
low complexity
jenkins CWE-863
4.3
2020-01-28 CVE-2020-8086 Incorrect Authorization vulnerability in multiple products
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function.
network
low complexity
prosody debian CWE-863
critical
9.8