Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-12 | CVE-2017-6816 | Incorrect Authorization vulnerability in multiple products In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | 4.9 |
| 2017-03-09 | CVE-2017-6590 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. | 6.3 |
| 2017-02-15 | CVE-2017-3801 | Incorrect Authorization vulnerability in Cisco Unified Computing System Director 6.0.0.0/6.0.0.1 A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. | 8.8 |
| 2016-07-13 | CVE-2016-4178 | Incorrect Authorization vulnerability in Adobe Flash Player and Flash Player Desktop Runtime Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 4.3 |
| 2016-06-19 | CVE-2016-4514 | Incorrect Authorization vulnerability in Moxa Pt-7728 and Pt-7728 Firmware Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | 7.7 |
| 2012-08-06 | CVE-2012-1342 | Incorrect Authorization vulnerability in Cisco Carrier Routing System 3.9.0/4.0.0/4.1.0 Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | 5.8 |
| 2009-08-28 | CVE-2008-7109 | Incorrect Authorization vulnerability in Kyoceramita Scanner File Utility 3.3.0.1 The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password. | 9.8 |
| 2009-06-25 | CVE-2009-2213 | Incorrect Authorization vulnerability in Citrix products The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | 6.5 |
| 2009-01-30 | CVE-2009-0034 | Incorrect Authorization vulnerability in multiple products parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | 7.8 |
| 2008-10-15 | CVE-2008-4577 | Incorrect Authorization vulnerability in multiple products The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | 7.5 |