The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,421 vulnerabilities with CWE-862
CVE-2019-15953
HIGH
Total.js CMS 12.0.0 - Privilege Escalation
CVSS 8.8
CVE-2019-15871
MEDIUM
WordPress <1.1.4 - Privilege Escalation
CVSS 4.3
CVE-2019-13408
HIGH
Advan VD-1 Firmware < 230 - Unauthenticated Path Traversal via ExportSettings.cgi Download Parameter
CVSS 7.5
CVE-2019-11248
HIGH
Kubernetes < 1.12.10, 1.13.8, 1.14.4, 1.15.0 - Unauthenticated Information Disclosure via /debug/pprof Endpoint
CVSS 8.2
CVE-2019-15648
MEDIUM
insert-or-embed-articulate-content-into-wordpress < 4.29991 - Unauthenticated Path Traversal
CVSS 6.5
CVE-2019-13013
MEDIUM
Little Snitch 4.3.0-4.3.2 - Unauthenticated Local Privilege Escalation via XPC Interface
CVSS 5.5
CVE-2019-8445
MEDIUM
Jira Server 7.13.0-7.13.6 and 8.0.0-8.3.1 - Unauthenticated Worklog Information Disclosure via Missing Authorization
CVSS 5.3
CVE-2019-2137
MEDIUM
Android - Denial of Service in TelecomManager endCall Function
CVSS 5.5
CVE-2019-15136
HIGH
eProsima Fast RTPS < 1.9.0 - Missing Authorization in Access Control Plugin
CVSS 7.5
CVE-2019-14786
MEDIUM
Rank Math SEO < 1.0.27.1 - Authenticated Settings Reset via reset-cmb Parameter
CVSS 6.5
CVE-2019-1170
HIGH
Windows 10 and Windows Server 2016/2019 - Privilege Escalation via Reparse Point Creation
CVSS 7.9
CVE-2019-0349
HIGH
SAP Kernel (ABAP Debugger) - Missing Authorization Check for 'Go to statement'
CVSS 7.2
CVE-2019-14793
MEDIUM
Meta Box < 4.16.3 - Authenticated Arbitrary File Deletion via AJAX Action
CVSS 6.5
CVE-2019-10389
MEDIUM
Jenkins Relution Enterprise Appstore Publisher < 1.24 - Server-Side Request Forgery
CVSS 4.3
CVE-2019-10387
MEDIUM
Jenkins XL TestView Plugin < 1.2.0 - Missing Authorization in XLTestView.XLTestDescriptor#doTestConnection
CVSS 6.5
CVE-2019-10377
MEDIUM
Jenkins Avatar Plugin < 1.2 - Missing Authorization for User Avatar Changes
CVSS 4.3
CVE-2019-10369
MEDIUM
Jenkins JClouds Plugin < 2.14 - Missing Authorization in Test Connection Endpoint
CVSS 6.5
CVE-2019-5995
MEDIUM
Canon EOS and PowerShot Cameras - Missing Authorization for Firmware Update
CVSS 6.5
CVE-2019-14473
HIGH
eQ-3 Homematic CCU2/CCU3 - Privilege Escalation
CVSS 8.8
CVE-2019-14475
HIGH
eQ-3 Homematic CCU2 <2.47.15 & CCU3 <3.47.15 - Privilege Escalation
CVSS 7.5
CVE-2019-14544
CRITICAL
Gogs 0.11.86 - Privilege Escalation
CVSS 9.8
CVE-2019-10167
HIGH
libvirt <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10187
MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10357
MEDIUM
Jenkins Pipeline < 2.14 - Missing Authorization for SCM Repository Content
CVSS 4.3
CVE-2019-10344
MEDIUM
Jenkins Configuration as Code Plugin < 1.24 - Missing Authorization in HTTP Endpoints
CVSS 4.3
Details
Vulnerabilities
8,421
Exploit Likelihood
High