The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,411 vulnerabilities with CWE-862
CVE-2020-29621
MEDIUM
macOS 10.14-10.14.5 and 11.0 - Unauthorized Privacy Preferences Bypass
CVSS 5.5
CVE-2020-36238
MEDIUM
Jira Server and Data Center < 8.5.13 and 8.6.0-8.13.5 - Unauthenticated Username Enumeration via Render API
CVSS 5.3
CVE-2020-14987
HIGH
Bloomreach Experience Manager <14.2.2 - RCE
CVSS 7.2
CVE-2020-10858
MEDIUM
Zulip Desktop <5.0.0 - Info Disclosure
CVSS 5.3
CVE-2020-29604
MEDIUM
MantisBT < 2.24.4 - Missing Authorization for Private Issue Cloning via COPY Group Action
CVSS 6.5
CVE-2020-4816
MEDIUM
IBM Cloud Pak for Security 1.4.0.0 - Information Disclosure via Missing HSTS Enforcement
CVSS 5.9
CVE-2020-7343
MEDIUM
McAfee Agent < 5.7.1 - Missing Authorization for Update Blocking via Temporary Directory Manipulation
CVSS 5.5
CVE-2020-27220
HIGH
Eclipse Hono - Privilege Escalation
CVSS 8.8
CVE-2020-9209
MEDIUM
Huawei SMC2.0 Firmware - Privilege Escalation via Improper Directory Permissions
CVSS 6.7
CVE-2020-5022
MEDIUM
IBM Spectrum Protect Plus 10.1.0-10.1.6 - Unauthenticated Information Disclosure via VDAP Proxy
CVSS 5.3
CVE-2020-16029
HIGH
Google Chrome < 87.0.4280.66 - Navigation Restriction Bypass via Crafted PDF File
CVSS 8.8
CVE-2020-16027
MEDIUM
Google Chrome < 87.0.4280.66 - Insufficient Policy Enforcement in Developer Tools
CVSS 6.5
CVE-2020-35745
HIGH
PHPGURUKUL Hospital Management System 4.0 - Unauthenticated Missing Authorization
CVSS 8.8
CVE-2020-29160
HIGH
Zammad < 3.5.1 - Missing Authorization for Ticket Article Data Modification
CVSS 7.5
CVE-2020-29158
MEDIUM
Zammad < 3.5.1 - Missing Authorization for Internal Articles via Ticket Detail View
CVSS 4.3
CVE-2020-25917
HIGH
Stratodesk NoTouch Center < 4.4.68 - Privilege Escalation via User Creation Endpoint
CVSS 8.8
CVE-2020-35625
HIGH
MediaWiki < 1.35.1 - Unauthenticated Arbitrary Static Function Execution via Widgets Extension HTML Comment
CVSS 8.8
CVE-2020-4841
MEDIUM
IBM Security Secret Server 10.6 - Missing Authorization
CVSS 5.9
CVE-2020-13519
HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-13515
HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-13514
HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-13513
HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-13512
HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-29480
LOW
Xen < 4.14.0 - Missing Authorization in Xenstore Watch Events
CVSS 2.3
CVE-2020-29479
HIGH
Xen < 4.14.0 - Unauthenticated Missing Authorization in Ocaml xenstored
CVSS 8.8
Details
Vulnerabilities
8,411
Exploit Likelihood
High