Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2019-14813 CRITICAL

Ghostscript 9.00-9.49 - Unauthenticated Privilege Escalation via setsystemparams Procedure

CVE-2019-2175 HIGH

Android 9 - Incorrect Authorization in SliceManagerService

CVE-2019-14817 HIGH

Ghostscript < 9.50 - Privilege Escalation via Unsecured Privileged API Calls

CVE-2019-14811 HIGH

Ghostscript < 9.50 - Privilege Escalation via .pdf_hook_DSC_Creator Bypass

CVE-2019-11247 HIGH

Kubernetes < 1.13.9, < 1.14.5, < 1.15.2 - Unauthorized Cluster-Scoped Custom Resource Access via Namespace Impersonation

CVE-2019-8446 MEDIUM

Jira Server 7.6-8.3.1 - Unauthenticated Username Enumeration via Issue Navigation Endpoint

CVE-2019-8445 MEDIUM

Jira Server 7.13.0-7.13.6 and 8.0.0-8.3.1 - Unauthenticated Worklog Information Disclosure via Missing Authorization

CVE-2019-1192 MEDIUM

Internet Explorer - Same-Origin Policy Bypass via Improper Origin Handling

CVE-2019-13417 MEDIUM

Search Guard < 24.0 - Unauthorized Field Name Exposure via Field Caps and Mapping API

CVE-2019-14924 HIGH

gcdwebserver < 3.5.3 - Incorrect Authorization in GCDWebUploader moveItem

CVE-2019-1912 CRITICAL

Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Arbitrary File Upload

CVE-2019-13386 HIGH

CentOS Web Panel 0.9.8.846 - Remote Command Execution via filemanager2.php Hidden Action

CVE-2019-11724 MEDIUM

Firefox < 68.0 - Incorrect Authorization via Retired Site Permission

CVE-2019-1010084 MEDIUM

Dancer::Plugin::SimpleCRUD <1.14 - Privilege Escalation

CVE-2019-5220 MEDIUM

Multiple Smartphones <9.0.0.200 - Privilege Escalation

CVE-2019-9149 MEDIUM

Mailvelope < 3.3.0 - Unauthenticated Private Key Operations via Client-API URL Parameter

CVE-2019-13337 HIGH

WESEEK GROWI < 3.5.0 - Unauthenticated Authorization Bypass via access_token URL Parameter

CVE-2019-5602 HIGH

FreeBSD Out-of-bounds Write in cdrom Driver

CVE-2019-7258 HIGH

Linear eMerge E3-Series - Privilege Escalation

CVE-2019-10964 HIGH

Medtronic MiniMed 508 and Paradigm Firmware - Improper Access Control via Wireless RF Communication

CVE-2019-5838 MEDIUM

Google Chrome < 75.0.3770.80 - Insufficient Policy Enforcement in Extensions API

CVE-2019-1626 HIGH

Cisco SD-WAN Firmware < 18.3.6 - Authenticated Privilege Escalation via vManage Web UI

CVE-2019-6582 HIGH

Siveillance VMS <13.1a Authenticated Improper Authorization

CVE-2019-12492 MEDIUM

Gallagher Command Centre < 7.80.939 - Incorrect Authorization

CVE-2019-3403 MEDIUM

Jira < 7.13.3, 8.0.0-8.0.3, 8.1.0 - Unauthenticated Username Enumeration via User Picker REST Endpoint

Previous Page 114 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy