The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,421 vulnerabilities with CWE-862
CVE-2019-10161
HIGH
libvirtd <4.10.1-5.4.1 - Info Disclosure
CVSS 7.8
CVE-2019-5449
MEDIUM
Nextcloud Server < 15.0.1 - Unauthorized Calendar Event Name Disclosure
CVSS 4.3
CVE-2019-10184
HIGH
undertow <2.0.23.Final - Info Disclosure
CVSS 7.5
CVE-2019-11702
MEDIUM
Firefox < 67.0.2 - Unauthenticated Local File Access via IE Protocol Handler
CVSS 6.5
CVE-2019-11700
MEDIUM
Firefox < 67.0 - Unauthenticated Local File Access via res: Protocol Hyperlink
CVSS 6.5
CVE-2019-1010152
CRITICAL
zzcms < 8.3 - Unauthenticated File Deletion and Remote Code Execution via user/manage.php
CVSS 9.8
CVE-2019-1010150
CRITICAL
zzcms < 8.3 - Unauthenticated File Deletion and Remote Code Execution via /user/zssave.php
CVSS 9.8
CVE-2019-1010149
CRITICAL
zzcms < 8.3 - File Deletion to Remote Code Execution via user/licence_save.php
CVSS 9.8
CVE-2019-1010246
HIGH
MailCleaner < 2019-01-21 - Unauthenticated MySQL Password Disclosure via NewslettersController.php
CVSS 7.5
CVE-2019-1010066
HIGH
LLNL model_specific_registers-safe < 1.2.0 - Unauthenticated MSR Modification via ioctl Bypass
CVSS 7.5
CVE-2019-10354
MEDIUM
Jenkins < 2.176.1 and < 2.185 - Missing Authorization via Stapler Web Framework
CVSS 4.3
CVE-2019-1010304
MEDIUM
Saleor 2.0.0-2.3.0 - Unauthenticated Incorrect Access Control in ProductVariant GraphQL API
CVSS 5.3
CVE-2019-10342
MEDIUM
Jenkins Docker Plugin < 1.1.6 - Missing Authorization in fillCredentialsIdItems Methods
CVSS 4.3
CVE-2019-10341
MEDIUM
Jenkins Docker Plugin < 1.1.6 - Missing Authorization in Test Connection Feature
CVSS 6.5
CVE-2019-0325
MEDIUM
SAP ERP HCM 3 - Missing Authorization for Payroll Data Report
CVSS 4.2
CVE-2019-12470
MEDIUM
MediaWiki <= 1.32.1 - Incorrect Access Control in RevisionDelete Page
CVSS 6.5
CVE-2019-12469
MEDIUM
MediaWiki < 1.27.6 - Incorrect Access Control
CVSS 6.5
CVE-2019-13450
MEDIUM
RingCentral 7.0.136380.0312 - Unauthenticated Forced Video Call Activation via Localhost Web Server
CVSS 6.5
CVE-2019-12926
HIGH
MailEnable 6.0-<6.90 - Missing Authorization
CVSS 8.8
CVE-2019-2117
MEDIUM
Android 7.0-9 - Unauthenticated Local Information Disclosure via TelephonyProvider Permission Check
CVSS 5.5
CVE-2019-7272
MEDIUM
Optergy Proton/Enterprise - Info Disclosure
CVSS 5.3
CVE-2019-13047
HIGH
ToaruOS < 1.10.9 - Unauthenticated Arbitrary Kernel Memory Mapping via TOARU_SYS_FUNC_SETHEAP
CVSS 7.8
CVE-2019-10175
MEDIUM
virt-cdi-cloner 1.4 - Privilege Escalation
CVSS 6.5
CVE-2019-4158
MEDIUM
IBM Security Access Manager 9.0.1-9.0.6 - Missing Authorization
CVSS 5.4
CVE-2019-6961
MEDIUM
RDK RDKB-20181217-1 WebUI - Privilege Escalation
CVSS 6.5
Details
Vulnerabilities
8,421
Exploit Likelihood
High