CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,426 vulnerabilities with CWE-862
CVE-2017-6369 HIGH
Firebird 2.5.0-2.5.6 - Authenticated Remote Code Execution via UDF Subsystem
CVSS 8.8
CVE-2017-5930 LOW
Opensuse Leap < 3.0.2 - Missing Authorization
CVSS 2.7
CVE-2017-5985 LOW
lxc < 1.0.9 - Missing Authorization for Network Interface Creation
CVSS 3.3
CVE-2017-5180 HIGH
Firejail <0.9.44.4 & 0.9.38.x LTS <0.9.38.8 - Sandbox-Escape
CVSS 8.8
CVE-2017-3813 HIGH
Cisco AnyConnect - Privilege Escalation
CVSS 7.8
CVE-2017-5136 HIGH
SendQuick Entera/Avera <2HF16 - DoS
CVSS 7.5
CVE-2016-11036 CRITICAL
Samsung Android M(6.0) - Factory Reset Protection Bypass
CVSS 9.8
CVE-2015-10143 CRITICAL
Platform theme <1.4.4 - Privilege Escalation
CVSS 9.8
CVE-2015-10140 HIGH
Ajax Load More <2.8.1.2 - Auth Bypass
CVSS 8.8
CVE-2015-20067 HIGH
WP Attachment Export < 0.2.4 - Unauthenticated Sensitive Data Exposure via XML Export
CVSS 7.5
CVE-2015-0571 HIGH
Linux Kernel 3.x-4.x < 4.20.15 - Missing Authorization in WLAN Driver IOCTL Calls
CVSS 7.8
CVE-2015-8840 HIGH
SAP NetWeaver AS Java - Missing Authorization in XML Data Archiving Service
CVSS 8.8
CVE-2013-10072 MEDIUM
Nagios XI < 2012R1.6 - Missing Authorization in Auto-Discovery
CVSS 6.5
CVE-2013-4226 MEDIUM
Authenticated User Page Caching < 7.x-1.5 - Unauthorized Information Disclosure via Cached Pages
CVSS 6.5
CVE-2013-3960 CRITICAL
Easy File Manager 1.1 - Missing Authorization
CVSS 9.9
CVE-2013-3703 HIGH
Open Build Service 2.4.0-2.4.3 - Authenticated Missing Authorization in API Controller
CVSS 8.8
CVE-2012-0055 HIGH
Linux Kernel < 3.0.0 - Missing Authorization in OverlayFS
CVSS 7.8
CVE-2012-6614 HIGH
D-Link DSR-250N Firmware < 1.08b31 - Authenticated Privilege Escalation via BusyBox CLI
CVSS 7.2
CVE-2012-4245
GIMP 2.6.0-2.6.12 - Unauthenticated Remote Code Execution via Python-Fu-Eval Command
CVE-2011-4183 MEDIUM
SUSE Open Build Service <2.1.16 - RCE
CVSS 6.5
CVE-2009-3781
FileField 6.x-3.1 - Unauthenticated Unauthorized File Access via Node-Access Permission Bypass
CVE-2009-3168 HIGH
Basic PHP Events Lister 2.0 - Authenticated Missing Authorization in Admin Endpoints
CVSS 7.2
CVE-2009-2282
Sun Solaris/OpenSolaris - Privilege Escalation
CVE-2008-6548
MoinMoin < 1.6.2 - Unauthorized File Read via RST Parser Include
CVE-2006-4483
PHP < 5.1.5 - Missing Authorization for CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode
Details
Vulnerabilities 8,426
Exploit Likelihood High