Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-28 | CVE-2013-4862 | Incorrect Authorization vulnerability in Micasaverde Veralite Firmware 1.5.408: MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | 8.1 |
2020-01-28 | CVE-2019-5474 | Incorrect Authorization vulnerability in Gitlab: An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. | 6.5 |
2020-01-27 | CVE-2019-17190 | Incorrect Authorization vulnerability in Avast Secure Browser 76.0.1659.101: A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. | 7.8 |
2020-01-15 | CVE-2020-2097 | Incorrect Authorization vulnerability in Jenkins Sounds: Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 |
2020-01-14 | CVE-2020-6307 | Incorrect Authorization vulnerability in SAP Basis: Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. | 4.3 |
2020-01-10 | CVE-2012-3821 | Incorrect Authorization vulnerability in Arialsoftware Campaign Enterprise: A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. | 4.3 |
2020-01-10 | CVE-2012-3822 | Incorrect Authorization vulnerability in Arialsoftware Campaign Enterprise: Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | 7.5 |
2020-01-08 | CVE-2019-17014 | Incorrect Authorization vulnerability in Mozilla Firefox: If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. | 7.4 |
2020-01-08 | CVE-2016-6591 | Incorrect Authorization vulnerability in Symantec Norton APP Lock 1.0.3.186: A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | 7.1 |
2020-01-07 | CVE-2019-14843 | Incorrect Authorization vulnerability in Redhat products: A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. | 8.8 |