The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
3,104 vulnerabilities with CWE-863
CVE-2021-1143
MEDIUM
Cisco Connected Mobile Experiences - Authenticated User Enumeration via API GET Requests
CVSS 4.3
CVE-2021-21609
MEDIUM
Jenkins < 2.263.1, < 2.274 - Incorrect Authorization via URL Path Matching
CVSS 5.3
CVE-2021-0319
HIGH
Android 8.0-11 - Incorrect Authorization in CompanionDeviceManagerService
CVSS 7.3
CVE-2021-0317
HIGH
Android 8.0-11 - Local Privilege Escalation via Permission Logic Error
CVSS 7.8
CVE-2021-1054
MEDIUM
NVIDIA GPU Display Driver 390-392.63 - Denial of Service via Incorrect Authorization in Kernel Mode Layer
CVSS 5.5
CVE-2020-36969
HIGH
M/Monit 3.7.4 - Privilege Escalation
CVSS 8.8
CVE-2020-36948
CRITICAL
VestaCP 0.9.8-26 - Incorrect Authorization via LoginAs Session Token Manipulation
CVSS 9.8
CVE-2020-36920
HIGH
iDS6 DSSPro Digital Signage System 6.2 - Privilege Escalation
CVSS 8.8
CVE-2020-9081
LOW
Huawei Smartphone Firmware - Improper Authorization Bypass via App Lock
CVSS 3.5
CVE-2020-10676
HIGH
Rancher <2.6.13-2.7.4 - Privilege Escalation
CVSS 8.8
CVE-2020-36714
HIGH
Brizy < 1.0.125 - Authenticated Authorization Bypass via is_administrator() Function
CVSS 7.4
CVE-2020-36710
MEDIUM
WPS Hide Login <1.5.4.2 - Info Disclosure
CVSS 5.3
CVE-2020-23362
HIGH
Shop_CMS YerShop - Privilege Escalation
CVSS 7.1
CVE-2020-17354
HIGH
LilyPond < 2.24.0 - Unauthenticated Arbitrary Code Execution via Scheme Code in .ly File
CVSS 8.6
CVE-2020-36625
MEDIUM
destiny chat - Cross-Site Request Forgery via WebSocket Upgrader
CVSS 4.3
CVE-2020-36623
MEDIUM
pengu < 2020-11-02 - Cross-Site Request Forgery in runApp Function
CVSS 4.3
CVE-2020-36622
MEDIUM
bienlein < 2020-09-28 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-36610
MEDIUM
DuxCMS 2.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-14321
HIGH
Moodle Teacher Enrollment Privilege Escalation to RCE
CVSS 8.8
CVE-2020-14121
MEDIUM
Mi App Store - Incorrect Authorization via Permission Check Bypass
CVSS 5.5
CVE-2020-25167
MEDIUM
OSIsoft PI Vision < 3.5.0 - Incorrect Authorization for AF Attribute
CVSS 4.9
CVE-2020-35501
LOW
Linux Kernel < 5.17 - Audit Rule Bypass via Syscall Logging Evasion
CVSS 3.4
CVE-2020-24771
HIGH
NexusPHP 1.5.beta5.20120707 - Incorrect Authorization
CVSS 7.5
CVE-2020-25722
HIGH
Samba >=4.0.0 <4.13.14 - Incorrect Authorization
CVSS 8.8
CVE-2020-13676
MEDIUM
Drupal 8.9.0-8.9.18 and Drupal Core 8.0.0-8.9.18 - Improper Access Control in QuickEdit Module
CVSS 6.5
Details
Vulnerabilities: 3,104
Exploit Likelihood: High