Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-11 | CVE-2020-6380 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension. | 8.8 |
2020-02-06 | CVE-2020-5318 | Incorrect Authorization vulnerability in Dell EMC Isilon Onefs Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. | 7.5 |
2020-02-04 | CVE-2020-8119 | Incorrect Authorization vulnerability in Nextcloud Server Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | 4.3 |
2020-02-03 | CVE-2013-2673 | Incorrect Authorization vulnerability in Brother Mfc-9970Cdw Firmware 1.10 Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. | 6.8 |
2020-01-31 | CVE-2020-7955 | Incorrect Authorization vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. | 5.3 |
2020-01-30 | CVE-2013-2198 | Incorrect Authorization vulnerability in Login Security Project Login Security The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. | 9.8 |
2020-01-30 | CVE-2013-1350 | Incorrect Authorization vulnerability in Veraxsystems Network Management System Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities | 9.1 |
2020-01-29 | CVE-2013-2574 | Incorrect Authorization vulnerability in Foscam Fi8620 Firmware An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. | 7.5 |
2020-01-29 | CVE-2020-2104 | Incorrect Authorization vulnerability in Jenkins Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. | 4.3 |
2020-01-28 | CVE-2020-8086 | Incorrect Authorization vulnerability in multiple products The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. | 9.8 |