CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,417 vulnerabilities with CWE-862
CVE-2020-15102 MEDIUM
PrestaShop Dashboard Productions <2.1.0 - Privilege Escalation
CVSS 6.5
CVE-2020-14491 MEDIUM
OpenClinic GA 5.09.02 and 5.89.05b - Missing Authorization in SQL Query Execution
CVSS 6.5
CVE-2020-0227 HIGH
Android 8.0-10 - Unauthenticated Permissions Bypass in CompanionDeviceManagerService
CVSS 7.8
CVE-2020-0107 MEDIUM
Android 10 - Unauthenticated Local Information Disclosure via getUiccCardsInfo Input Validation Bypass
CVSS 5.5
CVE-2020-14001 CRITICAL
kramdown < 2.3.0 - Unauthenticated Arbitrary File Read and Remote Code Execution via Template Option
CVSS 9.8
CVE-2020-15780 MEDIUM
Linux Kernel < 5.7.7 - Missing Authorization via ACPI Table Injection
CVSS 6.7
CVE-2020-15001 MEDIUM
Yubico YubiKey 5 NFC <5.3.1 - Info Disclosure
CVSS 5.3
CVE-2020-5368 CRITICAL
Dell EMC VxRail 4.7.410-4.7.411 - Unauthenticated Sensitive Information Exposure
CVSS 9.8
CVE-2020-15518 HIGH
Veeam Availability Suite & Backup & Replication < 10.0 - Privilege Escalation via VeeamFSR.sys
CVSS 8.8
CVE-2020-15080 MEDIUM
PrestaShop <1.7.6.6 - Info Disclosure
CVSS 5.3
CVE-2020-2216 MEDIUM
Jenkins Zephyr for JIRA Test Mgmt <1.5 - Privilege Escalation
CVSS 4.3
CVE-2020-2204 MEDIUM
Jenkins Fortify on Demand Plugin <5.0.1 - Privilege Escalation
CVSS 5.4
CVE-2020-2202 MEDIUM
Jenkins Fortify on Demand Plugin <6.0.0 - Info Disclosure
CVSS 4.3
CVE-2020-15412 MEDIUM
MISP 2.4.128 - Missing Authorization in EventsController
CVSS 4.3
CVE-2020-15360 HIGH
Docker Desktop <2.3.0.3 - Privilege Escalation
CVSS 7.8
CVE-2020-4413 MEDIUM
IBM Security Secret Server < 10.8 - Sensitive Information Exposure via Missing HSTS Enforcement
CVSS 5.9
CVE-2020-5345 MEDIUM
Dell EMC Unisphere for PowerMax < 9.1.0.17 - Authenticated Authorization Bypass
CVSS 6.4
CVE-2020-14971 HIGH
Pi-hole < 5.0 - Code Injection via Teleporter Backup File Restoration
CVSS 7.8
CVE-2020-14944 CRITICAL
Global RADAR BSA Radar <1.6.7234.24750 - Privilege Escalation
CVSS 9.8
CVE-2020-14969 HIGH
MISP 2.4.127 - Missing Authorization in Attribute RestSearch API
CVSS 7.5
CVE-2020-13276 HIGH
GitLab CE/EE <13.0.1 - Info Disclosure
CVSS 7.4
CVE-2020-3245 MEDIUM
Cisco Smart Software Manager On-Prem - Auth Bypass
CVSS 5.3
CVE-2020-14213 MEDIUM
Zammad < 3.3.1 - Missing Authorization for Customer Ticket Access
CVSS 5.4
CVE-2020-0202 HIGH
Android - Local Privilege Escalation via TraceService Intent Handling
CVSS 7.8
CVE-2020-0178 MEDIUM
Android 10 - Unauthenticated Local Information Disclosure via SettingsProvider Config Flags
CVSS 5.5
Details
Vulnerabilities 8,417
Exploit Likelihood High