Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-10 | CVE-2018-1116 | Missing Authorization vulnerability in multiple products A flaw was found in polkit before version 0.116. | 3.6 |
2018-07-10 | CVE-2018-2436 | Missing Authorization vulnerability in SAP R/3 Enterprise Retail Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2018-07-09 | CVE-2018-11541 | Missing Authorization vulnerability in Ribboncommunications products A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. | 10.0 |
2018-06-25 | CVE-2018-8755 | Missing Authorization vulnerability in Nucom Wr644Gacv Firmware NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. | 5.0 |
2018-06-11 | CVE-2018-5135 | Missing Authorization vulnerability in Mozilla Firefox WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. | 5.0 |
2018-06-11 | CVE-2018-5113 | Missing Authorization vulnerability in multiple products The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. | 5.0 |
2018-06-07 | CVE-2018-0336 | Missing Authorization vulnerability in Cisco Prime Collaboration 12.1 A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. | 6.5 |
2018-06-07 | CVE-2018-7689 | Missing Authorization vulnerability in Opensuse Open Build Service Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. | 6.5 |
2018-06-07 | CVE-2018-7688 | Missing Authorization vulnerability in Opensuse Open Build Service A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions. | 6.5 |
2018-06-07 | CVE-2018-0322 | Missing Authorization vulnerability in Cisco products A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. | 6.5 |