Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2019-3401 MEDIUM

Jira < 7.13.3 and 8.0.0-8.1.1 - Unauthenticated Username Enumeration via ManageFilters.jspa

CVE-2019-3399 HIGH

Jira <7.13.2 and 8.0.0-8.0.2 - Unauthenticated Information Disclosure via BrowseProjects.jspa

CVE-2019-7304 CRITICAL

Canonical snapd <2.37.1 - Command Injection

CVE-2019-6570 HIGH

SINEMA Remote Connect Server < 2.0 - Insufficient Permission Check

CVE-2019-3842 HIGH

systemd < 242-rc4 - Improper Authorization via XDG_SEAT Environment Variable

CVE-2019-0732 HIGH

Windows - Device Guard Bypass via LUAFV Driver Improper Call Handling

CVE-2019-3887 MEDIUM

Linux Kernel >= 4.16 - Denial of Service via KVM x2APIC MSR Access

CVE-2019-0762 MEDIUM

Microsoft Internet Explorer and Edge - Security Feature Bypass via Origin Handling

CVE-2019-0761 MEDIUM

Internet Explorer - Security Feature Bypass via URL Security Zone Validation

CVE-2019-0678 MEDIUM

Microsoft Edge - Privilege Escalation

CVE-2019-3848 MEDIUM

moodle < 3.4.8 - Incorrect Authorization in Calendar Event Modal

CVE-2019-3831 MEDIUM

ovirt vdsm 4.19-4.30.3 4.30.5-4.30.8 - Authenticated Remote Code Execution via systemd_run Function

CVE-2019-3827 HIGH

gvfs < 1.39.4 - Incorrect Authorization in Admin Backend

CVE-2019-10014 MEDIUM

DedeCMS 5.7SP2 - Authenticated Arbitrary Password Reset via ID Parameter

CVE-2019-0276 HIGH

Banking services from SAP 9.0 and SAP S/4HANA Financial Products Subledger 1 - Incorrect Authorization

CVE-2019-1604 HIGH

Cisco NX-OS < 7.0(3)I7(4) - Authenticated Privilege Escalation via Incorrect Group ID Authorization

CVE-2019-1603 HIGH

Cisco NX-OS < 7.0(3)I7(4) - Authenticated Privilege Escalation via CLI

CVE-2019-1667 LOW

Cisco HyperFlex HX Data Platform < 3.5(2a) - Authenticated Arbitrary Data Write via Graphite Interface

CVE-2019-0105 HIGH

Intel Data Center Manager < 5.0.2 - Authenticated Privilege Escalation via Insufficient File Permissions

CVE-2019-7639 HIGH

gsi-openssh-server 7.9p1 - Info Disclosure

CVE-2019-0552 HIGH

Windows COM Desktop Broker - Privilege Escalation

CVE-2018-25353 HIGH

Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

CVE-2018-25146 HIGH

Microhard Systems IPn4G 1.1.0 - Privilege Escalation

CVE-2018-9374 HIGH

Android - Incorrect Authorization in PackageManagerService

CVE-2018-8724 HIGH

K7Computing Antivirus < 16.0.0001 - Privilege Escalation via K7TSMngr.exe

Previous Page 115 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy