Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-28 | CVE-2017-0881 | Incorrect Authorization vulnerability in Zulip Server An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. | 4.3 |
| 2017-03-20 | CVE-2017-5618 | Incorrect Authorization vulnerability in GNU Screen GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. | 7.8 |
| 2017-03-16 | CVE-2017-6377 | Incorrect Authorization vulnerability in Drupal When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass. | 7.5 |
| 2017-03-12 | CVE-2017-6816 | Incorrect Authorization vulnerability in multiple products In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | 4.9 |
| 2017-03-09 | CVE-2017-6590 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. | 6.3 |
| 2017-02-15 | CVE-2017-3801 | Incorrect Authorization vulnerability in Cisco Unified Computing System Director 6.0.0.0/6.0.0.1 A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. | 8.8 |
| 2016-07-13 | CVE-2016-4178 | Incorrect Authorization vulnerability in Adobe Flash Player and Flash Player Desktop Runtime Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 4.3 |
| 2016-06-19 | CVE-2016-4514 | Incorrect Authorization vulnerability in Moxa Pt-7728 and Pt-7728 Firmware Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | 7.7 |
| 2012-08-06 | CVE-2012-1342 | Incorrect Authorization vulnerability in Cisco Carrier Routing System 3.9.0/4.0.0/4.1.0 Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | 5.8 |
| 2009-08-28 | CVE-2008-7109 | Incorrect Authorization vulnerability in Kyoceramita Scanner File Utility 3.3.0.1 The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password. | 9.8 |