The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,421 vulnerabilities with CWE-862
CVE-2019-20609
MEDIUM
Samsung Android P(9.0) - Unauthorized Secure Folder Notification Content Access via Smartwatch
CVSS 6.5
CVE-2019-20599
HIGH
Samsung Android N(7.x)-P(9.0) - Missing Authorization in Voice Assistant Notification Handling
CVSS 7.5
CVE-2019-20555
MEDIUM
Samsung Android Gallery - Unauthenticated Picture Access on Locked Device
CVSS 5.3
CVE-2019-12498
CRITICAL
3cx Live Chat < 8.0.33 - Missing Authorization via REST API
CVSS 9.8
CVE-2019-18581
HIGH
Dell EMC Data Protection Advisor <19.1-6.5 - Command Injection
CVSS 7.2
CVE-2019-14883
MEDIUM
Moodle 3.6-3.6.6 and 3.7-3.7.2 - Missing Authorization for Inline Email Attachment Access
CVSS 5.3
CVE-2019-20407
MEDIUM
Jira Software 8.4.1-8.5.3 Authenticated Information Disclosure
CVSS 4.3
CVE-2019-19937
HIGH
JFrog Artifactory < 6.18 - Missing Authorization for System and Repository Imports
CVSS 7.2
CVE-2019-19989
HIGH
Selesta Visual Access Manager 4.15.0-4.29.0 - Missing Authorization
CVSS 7.5
CVE-2019-5470
HIGH
GitLab < 11.11.6, 12.0.4, 12.1.2 - Missing Authorization in Security Dashboard
CVSS 7.5
CVE-2019-19802
MEDIUM
Gallagher Command Centre < 7.70 - Authenticated Missing Authorization via OPCUA
CVSS 6.5
CVE-2019-11761
MEDIUM
Firefox < 70, Thunderbird < 68.2, Firefox ESR < 68.2 - CSRF
CVSS 5.4
CVE-2019-19985
MEDIUM
Email Subscribers & Newsletters < 4.2.3 - Unauthenticated File Download and User Information Disclosure
CVSS 5.3
CVE-2019-19899
CRITICAL
Pebble Templates < 3.1.4 - Missing Authorization via Class.forName Bypass
CVSS 9.8
CVE-2019-15576
HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthenticated Information Disclosure via GraphQL Endpoint
CVSS 7.5
CVE-2019-15013
MEDIUM
Jira < 7.13.12, 8.0.0-8.4.3, 8.5.0-8.5.2 - Authenticated Missing Authorization in WorkflowResource
CVSS 4.3
CVE-2019-16576
MEDIUM
Jenkins Alauda Kubernetes Suport Plugin <2.3.0 - SSRF
CVSS 6.5
CVE-2019-16574
MEDIUM
Jenkins Alauda DevOps Pipeline Plugin <2.3.2 - SSRF
CVSS 6.5
CVE-2019-16571
MEDIUM
Jenkins RapidDeploy Plugin <4.1 - DoS
CVSS 4.3
CVE-2019-16567
MEDIUM
Jenkins Team Concert Plugin <1.3.0 - Info Disclosure
CVSS 4.3
CVE-2019-16566
MEDIUM
Jenkins Team Concert Plugin <1.3.0 - SSRF
CVSS 6.5
CVE-2019-15932
CRITICAL
Intesync Solismed 3.3sp - Info Disclosure
CVSS 9.8
CVE-2019-19604
HIGH
Git <2.20.2-2.24.1 - Command Injection
CVSS 7.8
CVE-2019-13748
MEDIUM
Google Chrome <79.0.3945.79 - Info Disclosure
CVSS 6.5
CVE-2019-2229
MEDIUM
Android 8.0-10 - Unauthenticated Local Information Disclosure via BaseWidgetProvider
CVSS 5.5
Details
Vulnerabilities
8,421
Exploit Likelihood
High