CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,109 vulnerabilities with CWE-863
CVE-2013-4411 MEDIUM
Reviewboard < 1.6.19 - Incorrect Authorization
CVSS 4.3
CVE-2013-4410 HIGH
ReviewBoard 1.6-1.6.18 - Incorrect Authorization in REST API
CVSS 7.5
CVE-2013-6926
Siemens RuggedCom ROS < 3.12.2 - Authenticated Authorization Bypass via Guest or Operator Account
CVE-2013-0543
IBM WebSphere Application Server (WAS) - Auth Bypass
CVE-2013-0889
Google Chrome <25.0.1364.97-25.0.1364.99 - RCE
CVE-2012-3821 MEDIUM
Campaign Enterprise < 11.0.551 - Incorrect Authorization in activate.asp
CVSS 4.3
CVE-2012-3822 HIGH
Arial Campaign Enterprise < 11.0.551 - Unauthenticated User Credential Enumeration via User-Edit.asp
CVSS 7.5
CVE-2012-6094 CRITICAL
CUPS - Incorrect Authorization via Localhost Listen Option Bypass
CVSS 9.8
CVE-2012-2238 HIGH
trytond 2.4.0-2.4.1 - Incorrect Authorization in ModelView.button
CVSS 7.5
CVE-2012-1342 MEDIUM
Cisco Carrier Routing System 3.9-4.1 - Incorrect Authorization via Fragmented Packet Bypass
CVSS 5.8
CVE-2011-3617 MEDIUM
Tahoe-LAFS <1.8.2 - Info Disclosure
CVSS 6.5
CVE-2011-2726 HIGH
Drupal 7.0-7.5 - Unauthenticated File Download via Direct URL Access
CVSS 7.5
CVE-2011-1070 HIGH
V86d < 0.1.10 - Incorrect Authorization
CVSS 7.8
CVE-2011-1207
IBM Rational System Architect < 11.4.0.2 - Remote Code Execution via ActiveBar1 ActiveX SetLayoutData Method
CVE-2011-1123
Google Chrome < 9.0.597.107 - Incorrect Authorization via Internal Extension Function Access
CVE-2010-2525 HIGH
Linux Kernel - Incorrect Authorization in GFS2 ACL Handling
CVSS 7.8
CVE-2010-1435 CRITICAL
Joomla! Core <1.5.16 - Privilege Escalation
CVSS 9.8
CVE-2010-3782 HIGH
obs-server < 1.7.7 - Unauthenticated Account Access via REST API
CVSS 8.8
CVE-2010-2548 CRITICAL
IcedTea6 < 1.7.4 - Unauthenticated Arbitrary File Read and Write via Property Access
CVSS 9.1
CVE-2010-4296
VMware Workstation/Player/Server/Fusion Privilege Escalation via Shared Object File Loading
CVE-2010-2965 CRITICAL
Wind River VxWorks <6 - Memory Corruption
CVSS 9.8
CVE-2009-3723 HIGH
Asterisk 1.6.1-1.6.1.7 - Incorrect Authorization
CVSS 7.5
CVE-2009-2213 MEDIUM
Citrix NetScaler Access Gateway <9.0 - Auth Bypass
CVSS 6.5
CVE-2009-0034 HIGH
sudo <1.6.9p17-1.6.9p19 - Privilege Escalation
CVSS 7.8
CVE-2008-7109 CRITICAL
Kyocera Mita Scanner File Utility 3.3.0.1 - Unauthenticated Arbitrary File Upload
CVSS 9.8