The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,421 vulnerabilities with CWE-862
CVE-2018-19830
HIGH
Smart Contract - Privilege Escalation
CVSS 7.5
CVE-2018-20501
MEDIUM
GitLab 8.12.0-11.4.12 11.5.0-11.5.5 11.6.0 - Missing Authorization
CVSS 6.3
CVE-2018-14997
MEDIUM
Leagoo P1 Firmware - Unauthenticated Screenshot Capture via Exported Broadcast Receiver
CVSS 5.5
CVE-2018-4059
CRITICAL
coturn < 4.5.0.9 - Unauthenticated Administrator Access via TELNET Admin Portal
CVSS 9.8
CVE-2018-17491
HIGH
EasyLobby Solo - Privilege Escalation
CVSS 8.4
CVE-2018-17490
HIGH
EasyLobby Solo - Unauthenticated Denial of Service via Task Manager Access
CVSS 7.7
CVE-2018-10093
HIGH
AudioCodes IP phone 420HD <2.2.12.126 - RCE
CVSS 8.8
CVE-2018-11888
HIGH
Snapdragon Auto/Mobile/Compute/etc. <various - Unauthorized Access
CVSS 7.8
CVE-2018-18996
CRITICAL
LCDS Laquis SCADA < 4.1.0.4150 - Remote Code Execution
CVSS 9.8
CVE-2018-16081
HIGH
Google Chrome < 69.0.3497.81 - Unauthenticated Local File Access via chrome.debugger API
CVSS 7.4
CVE-2018-2484
HIGH
SAP Enterprise Financial Services - Missing Authorization
CVSS 8.8
CVE-2018-18004
MEDIUM
VIVOTEK Network Camera Series - Unauthenticated Arbitrary System Service Enablement via mod_inetd.cgi URL Parameter
CVSS 5.3
CVE-2018-15005
HIGH
ZTE ZMAX Champ Android - Privilege Escalation
CVSS 7.1
CVE-2018-14985
HIGH
Leagoo Z5C Firmware - Unauthenticated Factory Reset via Exported Broadcast Receiver
CVSS 7.1
CVE-2018-15329
HIGH
BIG-IP <14.0.2 - Privilege Escalation
CVSS 7.2
CVE-2018-20155
MEDIUM
WP Maintenance Mode <2.0.7 - Auth Bypass
CVSS 4.3
CVE-2018-2503
HIGH
SAP NetWeaver AS Java - Info Disclosure
CVSS 7.4
CVE-2018-9548
MEDIUM
Android 7.0-9 - Unauthenticated Local Information Disclosure via Missing URI Validation
CVSS 5.5
CVE-2018-19754
HIGH
Tarantella Enterprise <3.11 - Auth Bypass
CVSS 8.8
CVE-2018-18647
MEDIUM
GitLab 8.11-11.2.6 11.3.x<11.3.8 11.4.x<11.4.3 - Missing Authorization
CVSS 6.5
CVE-2018-9457
MEDIUM
Android 8.0-9 - Unauthenticated Local Information Disclosure via Bluetooth Pairing Bypass
CVSS 5.5
CVE-2018-1314
MEDIUM
Apache Hive < 2.3.3 and 3.1.0 - Missing Authorization for EXPLAIN Operation
CVSS 4.3
CVE-2018-19110
MEDIUM
tianti 2.3 - Authenticated Missing Authorization in Skin Management
CVSS 6.5
CVE-2018-19079
HIGH
Foscam Opticam i5 Firmware 1.5.2.11/2.21.1.128 - Unauthenticated DoS via ONVIF SystemReboot
CVSS 7.5
CVE-2018-15327
HIGH
BIG-IP <14.0.0.2/<13.1.1.1 - Privilege Escalation
CVSS 7.2
Details
Vulnerabilities
8,421
Exploit Likelihood
High