Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-05 | CVE-2019-19597 | Incorrect Authorization vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01 D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | 8.8 |
2019-12-05 | CVE-2019-19520 | Incorrect Authorization vulnerability in Openbsd 6.6 xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. | 7.8 |
2019-12-03 | CVE-2013-4411 | Incorrect Authorization vulnerability in multiple products Review Board: URL processing gives unauthorized users access to review lists | 4.3 |
2019-12-02 | CVE-2013-4410 | Incorrect Authorization vulnerability in multiple products ReviewBoard: has an access-control problem in REST API | 7.5 |
2019-11-26 | CVE-2016-6353 | Incorrect Authorization vulnerability in Cloudera CDH Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | 6.5 |
2019-11-26 | CVE-2016-4572 | Incorrect Authorization vulnerability in Cloudera CDH In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | 8.8 |
2019-11-26 | CVE-2016-3131 | Incorrect Authorization vulnerability in Cloudera CDH Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | 6.5 |
2019-11-26 | CVE-2011-3617 | Incorrect Authorization vulnerability in multiple products Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | 6.5 |
2019-11-25 | CVE-2019-5879 | Incorrect Authorization vulnerability in Google Chrome Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | 6.5 |
2019-11-25 | CVE-2019-5864 | Incorrect Authorization vulnerability in Google Chrome Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | 4.3 |