CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,411 vulnerabilities with CWE-862
CVE-2020-27777 MEDIUM
Linux Kernel < 4.14.204 - Missing Authorization in RTAS Memory Access Handling
CVSS 6.7
CVE-2020-27057 LOW
Android - Missing Authorization in GpuService.cpp
CVSS 3.3
CVE-2020-27056 LOW
Android 11 - Unauthenticated Local Information Disclosure via SELinux Policy Misconfiguration
CVSS 3.3
CVE-2020-27054 HIGH
Android 11 - Missing Authorization in BluetoothManagerService onFactoryReset
CVSS 7.8
CVE-2020-27053 MEDIUM
Android 11 - Missing Authorization Check in ClientModeImpl
CVSS 4.4
CVE-2020-27052 HIGH
Android 11 - Unauthenticated Permissions Bypass in Lock Task Mode
CVSS 7.8
CVE-2020-27032 MEDIUM
Android - Missing Authorization in PhoneInterfaceManager
CVSS 5.5
CVE-2020-0497 MEDIUM
Android 11 - Unauthenticated Local Information Disclosure via BiometricServiceBase
CVSS 5.5
CVE-2020-0485 HIGH
Android 11 - Missing Authorization in UsbBackend.java
CVSS 7.8
CVE-2020-0480 HIGH
Android 11 - Missing Authorization in DocumentsProvider
CVSS 7.8
CVE-2020-0477 MEDIUM
Android 11 - Unauthenticated Information Disclosure via ClientModeImpl Broadcast
CVSS 5.5
CVE-2020-0475 HIGH
Android 11 - Missing Authorization in WindowManagerService Input Consumer
CVSS 7.8
CVE-2020-0468 MEDIUM
Android 10-11 - Unauthenticated Local Information Disclosure via TelephonyRegistry Permissions Bypass
CVSS 5.5
CVE-2020-0459 LOW
Android 8.0-10 - Unauthenticated Sensitive WiFi Configuration Data Leak via WifiConfigManager
CVSS 3.3
CVE-2020-0440 HIGH
Android 11 - Missing Authorization in DisplayManagerService
CVSS 7.8
CVE-2020-26415 MEDIUM
GitLab <13.4.7,<13.5.5,<13.6.2 - Info Disclosure
CVSS 4.3
CVE-2020-26408 MEDIUM
GitLab 12.2.0-13.4.6, 13.5.0-13.5.4, 13.6.0-13.6.1 - Limited Information Disclosure in Private Profile
CVSS 5.3
CVE-2020-28215 CRITICAL
Easergy T300 Firmware < 2.7 - Missing Authorization
CVSS 9.8
CVE-2020-25499 HIGH
TOTOLINK A3002RU-V2 < 2.1.1-b20200911.1756 - Authenticated OS Command Injection via Run Command
CVSS 8.8
CVE-2020-26832 HIGH
SAP AS ABAP/S4 HANA - Privilege Escalation
CVSS 7.6
CVE-2020-26830 HIGH
SAP Solution Manager 7.2 - Privilege Escalation
CVSS 8.1
CVE-2020-27349 MEDIUM
Aptdaemon <1.1.1+bzr982-0ubuntu34.1 - Privilege Escalation
CVSS 5.5
CVE-2020-14205 MEDIUM
DiveBook 1.1.4 - Missing Authorization in Log Dive Form
CVSS 5.3
CVE-2020-25629 HIGH
Moodle 3.5.0-3.5.13, 3.7.0-3.7.7, 3.8.0-3.8.4, 3.9.0-3.9.1 - Privilege Escalation via 'Log in as' Capability
CVSS 8.8
CVE-2020-23740 HIGH
DriverGenius 9.61.5480.28 - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities 8,411
Exploit Likelihood High