Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-05-22 | CVE-2017-4915 | Incorrect Authorization vulnerability in VMWare Workstation Player and Workstation PRO | VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. | local | low | vmware | CWE-863 | 7.8 |
| 2017-05-08 | CVE-2017-0894 | Incorrect Authorization vulnerability in Nextcloud Server | Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. | network | low | nextcloud | CWE-863 | 4.3 |
| 2017-04-07 | CVE-2017-3817 | Incorrect Authorization vulnerability in Cisco Unified Computing System Director 5.5.0.1/6.0.0.0 | A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. | network | low | cisco | CWE-863 | 4.3 |
| 2017-03-28 | CVE-2017-0881 | Incorrect Authorization vulnerability in Zulip Server | An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. | network | low | zulip | CWE-863 | 4.3 |
| 2017-03-20 | CVE-2017-5618 | Incorrect Authorization vulnerability in GNU Screen | GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. | local | low | gnu | CWE-863 | 7.8 |
| 2017-03-16 | CVE-2017-6377 | Incorrect Authorization vulnerability in Drupal | When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass. | network | low | drupal | CWE-863 | 7.5 |
| 2017-03-12 | CVE-2017-6816 | Incorrect Authorization vulnerability in multiple products | In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | network | low | wordpress debian | CWE-863 | 4.9 |
| 2017-03-09 | CVE-2017-6590 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux | An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. | | high | canonical | CWE-863 | 6.3 |
| 2017-02-15 | CVE-2017-3801 | Incorrect Authorization vulnerability in Cisco Unified Computing System Director 6.0.0.0/6.0.0.1 | A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. | local | low | cisco | CWE-863 | 8.8 |
| 2016-07-13 | CVE-2016-4178 | Incorrect Authorization vulnerability in Adobe Flash Player and Flash Player Desktop Runtime | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | network | low | adobe | CWE-863 | 4.3 |