The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,411 vulnerabilities with CWE-862
CVE-2020-27777
MEDIUM
Linux Kernel < 4.14.204 - Missing Authorization in RTAS Memory Access Handling
CVSS 6.7
CVE-2020-27057
LOW
Android - Missing Authorization in GpuService.cpp
CVSS 3.3
CVE-2020-27056
LOW
Android 11 - Unauthenticated Local Information Disclosure via SELinux Policy Misconfiguration
CVSS 3.3
CVE-2020-27054
HIGH
Android 11 - Missing Authorization in BluetoothManagerService onFactoryReset
CVSS 7.8
CVE-2020-27053
MEDIUM
Android 11 - Missing Authorization Check in ClientModeImpl
CVSS 4.4
CVE-2020-27052
HIGH
Android 11 - Unauthenticated Permissions Bypass in Lock Task Mode
CVSS 7.8
CVE-2020-27032
MEDIUM
Android - Missing Authorization in PhoneInterfaceManager
CVSS 5.5
CVE-2020-0497
MEDIUM
Android 11 - Unauthenticated Local Information Disclosure via BiometricServiceBase
CVSS 5.5
CVE-2020-0485
HIGH
Android 11 - Missing Authorization in UsbBackend.java
CVSS 7.8
CVE-2020-0480
HIGH
Android 11 - Missing Authorization in DocumentsProvider
CVSS 7.8
CVE-2020-0477
MEDIUM
Android 11 - Unauthenticated Information Disclosure via ClientModeImpl Broadcast
CVSS 5.5
CVE-2020-0475
HIGH
Android 11 - Missing Authorization in WindowManagerService Input Consumer
CVSS 7.8
CVE-2020-0468
MEDIUM
Android 10-11 - Unauthenticated Local Information Disclosure via TelephonyRegistry Permissions Bypass
CVSS 5.5
CVE-2020-0459
LOW
Android 8.0-10 - Unauthenticated Sensitive WiFi Configuration Data Leak via WifiConfigManager
CVSS 3.3
CVE-2020-0440
HIGH
Android 11 - Missing Authorization in DisplayManagerService
CVSS 7.8
CVE-2020-26415
MEDIUM
GitLab <13.4.7,<13.5.5,<13.6.2 - Info Disclosure
CVSS 4.3
CVE-2020-26408
MEDIUM
GitLab 12.2.0-13.4.6, 13.5.0-13.5.4, 13.6.0-13.6.1 - Limited Information Disclosure in Private Profile
CVSS 5.3
CVE-2020-28215
CRITICAL
Easergy T300 Firmware < 2.7 - Missing Authorization
CVSS 9.8
CVE-2020-25499
HIGH
TOTOLINK A3002RU-V2 < 2.1.1-b20200911.1756 - Authenticated OS Command Injection via Run Command
CVSS 8.8
CVE-2020-26832
HIGH
SAP AS ABAP/S4 HANA - Privilege Escalation
CVSS 7.6
CVE-2020-26830
HIGH
SAP Solution Manager 7.2 - Privilege Escalation
CVSS 8.1
CVE-2020-27349
MEDIUM
Aptdaemon <1.1.1+bzr982-0ubuntu34.1 - Privilege Escalation
CVSS 5.5
CVE-2020-14205
MEDIUM
DiveBook 1.1.4 - Missing Authorization in Log Dive Form
CVSS 5.3
CVE-2020-25629
HIGH
Moodle 3.5.0-3.5.13, 3.7.0-3.7.7, 3.8.0-3.8.4, 3.9.0-3.9.1 - Privilege Escalation via 'Log in as' Capability
CVSS 8.8
CVE-2020-23740
HIGH
DriverGenius 9.61.5480.28 - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities
8,411
Exploit Likelihood
High