Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-12 | CVE-2020-11209 | Incorrect Authorization vulnerability in Qualcomm products Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 | 5.5 |
| 2020-11-11 | CVE-2020-17049 | Incorrect Authorization vulnerability in multiple products A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. | 6.6 |
| 2020-11-09 | CVE-2020-25655 | Incorrect Authorization vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0 An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. | 6.5 |
| 2020-11-09 | CVE-2020-24401 | Incorrect Authorization vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. | 6.5 |
| 2020-11-06 | CVE-2020-3600 | Incorrect Authorization vulnerability in Cisco Sd-Wan A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. | 7.8 |
| 2020-11-06 | CVE-2020-3592 | Incorrect Authorization vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. | 6.5 |
| 2020-11-05 | CVE-2020-26506 | Incorrect Authorization vulnerability in Marmind 4.1.141.0 An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. | 4.3 |
| 2020-10-28 | CVE-2020-15278 | Incorrect Authorization vulnerability in Cogboard RED Discord BOT Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. | 7.5 |
| 2020-10-27 | CVE-2020-3852 | Incorrect Authorization vulnerability in Apple Safari A logic issue was addressed with improved validation. | 5.3 |
| 2020-10-21 | CVE-2020-3578 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. | 6.5 |