Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-22 | CVE-2017-4915 | Incorrect Authorization vulnerability in VMWare Workstation Player and Workstation PRO VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. | 7.8 |
2017-05-08 | CVE-2017-0894 | Incorrect Authorization vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. | 4.3 |
2017-04-07 | CVE-2017-3817 | Incorrect Authorization vulnerability in Cisco Unified Computing System Director 5.5.0.1/6.0.0.0 A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. | 4.3 |
2017-03-28 | CVE-2017-0881 | Incorrect Authorization vulnerability in Zulip Server An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. | 4.3 |
2017-03-20 | CVE-2017-5618 | Incorrect Authorization vulnerability in GNU Screen GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. | 7.8 |
2017-03-16 | CVE-2017-6377 | Incorrect Authorization vulnerability in Drupal When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass. | 7.5 |
2017-03-12 | CVE-2017-6816 | Incorrect Authorization vulnerability in multiple products In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | 4.9 |
2017-03-09 | CVE-2017-6590 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. | 6.3 |
2017-02-15 | CVE-2017-3801 | Incorrect Authorization vulnerability in Cisco Unified Computing System Director 6.0.0.0/6.0.0.1 A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. | 8.8 |
2016-07-13 | CVE-2016-4178 | Incorrect Authorization vulnerability in Adobe Flash Player and Flash Player Desktop Runtime Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 4.3 |