Vulnerabilities > Missing Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | SEVERITY | RISK |
|---|---|---|---|---|---|---|---|---|---|
| 2017-06-06 | CVE-2017-8083 | Missing Authorization vulnerability in Compulab Intense PC Firmware and Mintbox 2 Firmware | CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. | local | low complexity | compulab | CWE-862 | | 7.2 |
| 2017-06-02 | CVE-2017-0896 | Missing Authorization vulnerability in Zulip Server | Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | network | low complexity | zulip | CWE-862 | | 6.5 |
| 2017-05-28 | CVE-2017-9232 | Missing Authorization vulnerability in Canonical Juju | Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. | network | low complexity | canonical | CWE-862 | critical | 10.0 |
| 2017-05-26 | CVE-2017-9036 | Missing Authorization vulnerability in Trendmicro Serverprotect 3.0 | Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. | local | low complexity | trendmicro | CWE-862 | | 7.2 |
| 2017-05-22 | CVE-2017-6635 | Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. | network | low complexity | cisco | CWE-862 | | 6.8 |
| 2017-05-18 | CVE-2017-6622 | Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning | A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. | network | low complexity | cisco | CWE-862 | critical | 10.0 |
| 2017-05-01 | CVE-2017-6565 | Missing Authorization vulnerability in Franklinfueling Ts-550 EVO Firmware 2.3.0.7332 | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. | network | low complexity | franklinfueling | CWE-862 | | 8.8 |
| 2017-05-01 | CVE-2017-6564 | Missing Authorization vulnerability in Franklinfueling Ts-550 EVO Firmware 2.3.0.7332 | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. | network | low complexity | franklinfueling | CWE-862 | | 6.5 |
| 2017-04-25 | CVE-2017-8217 | Missing Authorization vulnerability in Tp-Link C20I Firmware and C2 Firmware | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | network | low complexity | tp-link | CWE-862 | | 5.0 |
| 2017-04-10 | CVE-2017-7622 | Missing Authorization vulnerability in Deepin Desktop Environment | dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. | network | low complexity | deepin | CWE-862 | critical | 9.0 |