The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,426 vulnerabilities with CWE-862
CVE-2018-9457
MEDIUM
Android 8.0-9 - Unauthenticated Local Information Disclosure via Bluetooth Pairing Bypass
CVSS 5.5
CVE-2018-1314
MEDIUM
Apache Hive < 2.3.3 and 3.1.0 - Missing Authorization for EXPLAIN Operation
CVSS 4.3
CVE-2018-19110
MEDIUM
tianti 2.3 - Authenticated Missing Authorization in Skin Management
CVSS 6.5
CVE-2018-19079
HIGH
Foscam Opticam i5 Firmware 1.5.2.11/2.21.1.128 - Unauthenticated DoS via ONVIF SystemReboot
CVSS 7.5
CVE-2018-15327
HIGH
BIG-IP <14.0.0.2/<13.1.1.1 - Privilege Escalation
CVSS 7.2
CVE-2018-11785
MEDIUM
Apache Impala < 3.0.1 - Missing Authorization Check
CVSS 6.5
CVE-2018-18377
HIGH
Orange AirBox Y858_FL_01.16_04 - Unauthenticated Factory Reset via goform/setReset
CVSS 7.5
CVE-2018-15429
MEDIUM
Cisco HyperFlex HX Data Platform - Unauthenticated Sensitive Information Exposure via HTTP Request
CVSS 5.3
CVE-2018-16048
MEDIUM
GitLab 8.10.0-11.0.5 11.1.0-11.1.4 11.2.0-11.2.1 - Missing Authorization for API Repository Storage
CVSS 6.5
CVE-2018-2461
HIGH
SAP People Profile - Missing Authorization Check
CVSS 8.8
CVE-2018-2455
HIGH
SAP Enterprise Financial Services 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2018-2454
HIGH
SAP Enterprise Financial Services 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2018-16591
CRITICAL
FURUNO FELCOM 250 and 500 - Unauthenticated Password Change via sm_changepassword.cgi and sm_sms_changepasswd.cgi
CVSS 9.8
CVE-2018-7792
HIGH
Schneider Electric Modicon M221 - Privilege Escalation
CVSS 7.5
CVE-2018-8028
HIGH
Apache Sentry <2.0.1 - Privilege Escalation
CVSS 8.8
CVE-2018-5547
HIGH
F5 BIG-IP APM client <7.1.7.1 - Privilege Escalation
CVSS 7.8
CVE-2018-1116
MEDIUM
polkit <0.116 - Privilege Escalation
CVSS 4.4
CVE-2018-2436
HIGH
SAP R/3 Enterprise Retail - Missing Authorization in WRCK Transaction
CVSS 8.8
CVE-2018-11541
CRITICAL
Sonus SBC 1000/2000/SWe Lite - Unauthenticated Privilege Escalation
CVSS 9.8
CVE-2018-8755
CRITICAL
NuCom WR644GACV <STA006 - Info Disclosure
CVSS 9.8
CVE-2018-5135
HIGH
Firefox < 59.0 - Missing Authorization for WebExtension Script Injection
CVSS 7.5
CVE-2018-5113
HIGH
Firefox < 58 - Missing Authorization in WebExtensions WebAuthFlow
CVSS 7.5
CVE-2018-0336
HIGH
Cisco Prime Collaboration Provisioning - Authenticated Privilege Escalation via Batch File Processing
CVSS 8.8
CVE-2018-7689
HIGH
openSUSE Open Build Service < 2.9.3 - Authenticated Missing Authorization in InitializeDevelPackage
CVSS 7.1
CVE-2018-7688
HIGH
openSUSE Open Build Service < 2.9.3 - Authenticated Missing Authorization in Review Handling
CVSS 7.1
Details
Vulnerabilities
8,426
Exploit Likelihood
High