Vulnerabilities > Missing Authorization

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-12-05 | CVE-2018-19754 | Missing Authorization vulnerability in Oracle Tarantella Enterprise | Tarantella Enterprise before 3.11 allows bypassing Access Control. | network | low | oracle | CWE-862 | 6.5 |
| 2018-12-04 | CVE-2018-18647 | Missing Authorization vulnerability in GitLab | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. | network | low | gitlab | CWE-862 | 5.5 |
| 2018-11-14 | CVE-2018-9457 | Missing Authorization vulnerability in Google Android 8.0/8.1/9.0 | In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. | local | low | google | CWE-862 | 2.1 |
| 2018-11-08 | CVE-2018-1314 | Missing Authorization vulnerability in Apache Hive | In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. | network | low | apache | CWE-862 | 4.3 |
| 2018-11-08 | CVE-2018-19110 | Missing Authorization vulnerability in Tianti Project Tianti 2.3 | The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check. | network | low | tianti-project | CWE-862 | 4.0 |
| 2018-10-31 | CVE-2018-15327 | Missing Authorization vulnerability in F5 products | In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | network | low | f5 | CWE-862 | 6.5 |
| 2018-10-24 | CVE-2018-11785 | Missing Authorization vulnerability in Apache Impala | Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. | network | low | apache | CWE-862 | 6.5 |
| 2018-10-23 | CVE-2017-18312 | Missing Authorization vulnerability in Qualcomm products | While accessing SafeSwitch services, a third party can manipulate a given device and perform unauthorized operations due to a lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A. | local | low | qualcomm | CWE-862 | 7.2 |
| 2018-10-16 | CVE-2018-18377 | Missing Authorization vulnerability in Orange Airbox Firmware Y858Fl01.1604 | goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to log in using the default admin:admin credentials. | network | low | orange | CWE-862 | 5.0 |
| 2018-10-05 | CVE-2018-15429 | Missing Authorization vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) | A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. | network | low | cisco | CWE-862 | 5.0 |