CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,426 vulnerabilities with CWE-862
CVE-2017-1002151 HIGH
Pagure < 3.3.0 - Improper Authorization
CVSS 7.5
CVE-2017-1002007 HIGH
WordPress Plugin DTracker <1.5 - Privilege Escalation
CVSS 7.5
CVE-2017-1002006 HIGH
WordPress Plugin DTracker <1.5 - Privilege Escalation
CVSS 7.5
CVE-2017-12582 CRITICAL
QNAP TS-212P Firmware 4.2.1 build 20160601 - Missing Authorization in Surveillance Station
CVSS 9.8
CVE-2017-7548 HIGH
PostgreSQL <9.4.13-9.6.4 - Privilege Escalation
CVSS 7.5
CVE-2017-11135 HIGH
heinekingmedia StashCat < 1.7.5 (Android), < 0.0.80w (Web), < 0.0.86w (Desktop) - DoS via Logout
CVSS 7.5
CVE-2017-6251 HIGH
NVIDIA Windows GPU Display Driver - Missing Authorization Leading to Privilege Escalation
CVSS 7.8
CVE-2017-1000056 CRITICAL
Kubernetes <1.5.4 - Privilege Escalation
CVSS 9.8
CVE-2017-4985 HIGH
EMC VNX2 <OE for File 8.1.9.211 - Privilege Escalation
CVSS 7.8
CVE-2017-7914 HIGH
Rockwell Automation PanelView Plus 6 700-1500 Firmware - Unauthenticated Remote Access via Missing Authorization
CVSS 8.6
CVE-2017-7677 MEDIUM
Apache Ranger <0.7.1 - Privilege Escalation
CVSS 5.9
CVE-2017-6693 MEDIUM
Cisco Elastic Services Controller - Authenticated Unauthorized Directory Access via ConfD Server
CVSS 5.5
CVE-2017-6639 CRITICAL
Cisco Prime Data Center Network Manager 10.1(1)-10.1(2) - Unauthenticated Remote Code Execution via Debugging Tool
CVSS 9.8
CVE-2017-8083 MEDIUM
CompuLab Intense PC and MintBox 2 Firmware < cr_2.2.0.400.2 - Missing Authorization for Flash Memory Write Protection
CVSS 6.7
CVE-2017-0896 MEDIUM
Zulip Server <1.5.1 - Privilege Escalation
CVSS 6.5
CVE-2017-9232 CRITICAL
Juju < 1.25.12, 2.0.x < 2.0.4, 2.1.x < 2.1.3 - Privilege Escalation via UNIX Domain Socket
CVSS 9.8
CVE-2017-9036 HIGH
Trend Micro ServerProtect for Linux <3.0 - Privilege Escalation
CVSS 7.8
CVE-2017-6635 MEDIUM
Cisco Prime Collaboration Provisioning < 12.1 - Authenticated Arbitrary File Deletion via Directory Traversal
CVSS 6.5
CVE-2017-6622 CRITICAL
Cisco Prime Collaboration Provisioning < 12.1 - Unauthenticated Command Injection via HTTP Request
CVSS 9.8
CVE-2017-6565 HIGH
Franklin Fueling Systems TS-550 evo 2.3.0.7332 - Unauthenticated Arbitrary File Upload via roleDiag User
CVSS 8.8
CVE-2017-6564 MEDIUM
Franklin Fueling TS-550 evo Firmware 2.3.0.7332 - Unauthenticated Sensitive File Download via idSourceFileName Parameter
CVSS 6.5
CVE-2017-8217 MEDIUM
TP-Link C2 and C20i < 0.9.1_4.2_v0032.0_build_160706 - Missing Authorization via SNMP
CVSS 5.3
CVE-2017-7622 HIGH
DDE 15.0-15.3 - Privilege Escalation
CVSS 8.8
CVE-2017-0554 HIGH
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 - Elevation of Privilege in Telephony Component
CVSS 7.8
CVE-2017-6598 MEDIUM
Cisco UCS Manager, Firepower 4100/9300 - Authenticated Privilege Escalation via Debug Plug-in
CVSS 6.7
Details
Vulnerabilities 8,426
Exploit Likelihood High