Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-12-05 | CVE-2019-19597 | Incorrect Authorization vulnerability in D-Link DAP-1860 Firmware 1.01B06/1.02B01/1.04B01 | D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | | low | dlink | CWE-863 | 8.8 |
| 2019-12-05 | CVE-2019-19520 | Incorrect Authorization vulnerability in OpenBSD 6.6 | xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. | local | low | openbsd | CWE-863 | 7.8 |
| 2019-12-03 | CVE-2013-4411 | Incorrect Authorization vulnerability in multiple products | Review Board: URL processing gives unauthorized users access to review lists | network | low | reviewboard, fedoraproject | CWE-863 | 4.3 |
| 2019-12-02 | CVE-2013-4410 | Incorrect Authorization vulnerability in multiple products | ReviewBoard: has an access-control problem in REST API | network | low | reviewboard, fedoraproject | CWE-863 | 7.5 |
| 2019-11-26 | CVE-2016-6353 | Incorrect Authorization vulnerability in Cloudera CDH | Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | network | low | cloudera | CWE-863 | 6.5 |
| 2019-11-26 | CVE-2016-4572 | Incorrect Authorization vulnerability in Cloudera CDH | In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | network | low | cloudera | CWE-863 | 8.8 |
| 2019-11-26 | CVE-2016-3131 | Incorrect Authorization vulnerability in Cloudera CDH | Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | network | low | cloudera | CWE-863 | 6.5 |
| 2019-11-26 | CVE-2011-3617 | Incorrect Authorization vulnerability in multiple products | Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | network | low | tahoe-lafs, debian | CWE-863 | 6.5 |
| 2019-11-25 | CVE-2019-5879 | Incorrect Authorization vulnerability in Google Chrome | Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | network | low | google | CWE-863 | 6.5 |
| 2019-11-25 | CVE-2019-5864 | Incorrect Authorization vulnerability in Google Chrome | Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | network | low | google | CWE-863 | 4.3 |