The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,426 vulnerabilities with CWE-862
CVE-2017-1002151
HIGH
Pagure < 3.3.0 - Improper Authorization
CVSS 7.5
CVE-2017-1002007
HIGH
WordPress Plugin DTracker <1.5 - Privilege Escalation
CVSS 7.5
CVE-2017-1002006
HIGH
WordPress Plugin DTracker <1.5 - Privilege Escalation
CVSS 7.5
CVE-2017-12582
CRITICAL
QNAP TS-212P Firmware 4.2.1 build 20160601 - Missing Authorization in Surveillance Station
CVSS 9.8
CVE-2017-7548
HIGH
PostgreSQL <9.4.13-9.6.4 - Privilege Escalation
CVSS 7.5
CVE-2017-11135
HIGH
heinekingmedia StashCat < 1.7.5 (Android), < 0.0.80w (Web), < 0.0.86w (Desktop) - DoS via Logout
CVSS 7.5
CVE-2017-6251
HIGH
NVIDIA Windows GPU Display Driver - Missing Authorization Leading to Privilege Escalation
CVSS 7.8
CVE-2017-1000056
CRITICAL
Kubernetes <1.5.4 - Privilege Escalation
CVSS 9.8
CVE-2017-4985
HIGH
EMC VNX2 <OE for File 8.1.9.211 - Privilege Escalation
CVSS 7.8
CVE-2017-7914
HIGH
Rockwell Automation PanelView Plus 6 700-1500 Firmware - Unauthenticated Remote Access via Missing Authorization
CVSS 8.6
CVE-2017-7677
MEDIUM
Apache Ranger <0.7.1 - Privilege Escalation
CVSS 5.9
CVE-2017-6693
MEDIUM
Cisco Elastic Services Controller - Authenticated Unauthorized Directory Access via ConfD Server
CVSS 5.5
CVE-2017-6639
CRITICAL
Cisco Prime Data Center Network Manager 10.1(1)-10.1(2) - Unauthenticated Remote Code Execution via Debugging Tool
CVSS 9.8
CVE-2017-8083
MEDIUM
CompuLab Intense PC and MintBox 2 Firmware < cr_2.2.0.400.2 - Missing Authorization for Flash Memory Write Protection
CVSS 6.7
CVE-2017-0896
MEDIUM
Zulip Server <1.5.1 - Privilege Escalation
CVSS 6.5
CVE-2017-9232
CRITICAL
Juju < 1.25.12, 2.0.x < 2.0.4, 2.1.x < 2.1.3 - Privilege Escalation via UNIX Domain Socket
CVSS 9.8
CVE-2017-9036
HIGH
Trend Micro ServerProtect for Linux <3.0 - Privilege Escalation
CVSS 7.8
CVE-2017-6635
MEDIUM
Cisco Prime Collaboration Provisioning < 12.1 - Authenticated Arbitrary File Deletion via Directory Traversal
CVSS 6.5
CVE-2017-6622
CRITICAL
Cisco Prime Collaboration Provisioning < 12.1 - Unauthenticated Command Injection via HTTP Request
CVSS 9.8
CVE-2017-6565
HIGH
Franklin Fueling Systems TS-550 evo 2.3.0.7332 - Unauthenticated Arbitrary File Upload via roleDiag User
CVSS 8.8
CVE-2017-6564
MEDIUM
Franklin Fueling TS-550 evo Firmware 2.3.0.7332 - Unauthenticated Sensitive File Download via idSourceFileName Parameter
CVSS 6.5
CVE-2017-8217
MEDIUM
TP-Link C2 and C20i < 0.9.1_4.2_v0032.0_build_160706 - Missing Authorization via SNMP
CVSS 5.3
CVE-2017-7622
HIGH
DDE 15.0-15.3 - Privilege Escalation
CVSS 8.8
CVE-2017-0554
HIGH
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 - Elevation of Privilege in Telephony Component
CVSS 7.8
CVE-2017-6598
MEDIUM
Cisco UCS Manager, Firepower 4100/9300 - Authenticated Privilege Escalation via Debug Plug-in
CVSS 6.7
Details
Vulnerabilities
8,426
Exploit Likelihood
High