Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-07-10 CVE-2018-1116 Missing Authorization vulnerability in multiple products
A flaw was found in polkit before version 0.116.
local
low complexity
debian canonical polkit-project CWE-862
3.6
2018-07-10 CVE-2018-2436 Missing Authorization vulnerability in SAP R/3 Enterprise Retail
Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2018-07-09 CVE-2018-11541 Missing Authorization vulnerability in Ribboncommunications products
A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector.
network
low complexity
ribboncommunications CWE-862
critical
10.0
2018-06-25 CVE-2018-8755 Missing Authorization vulnerability in Nucom Wr644Gacv Firmware
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials.
network
low complexity
nucom CWE-862
5.0
2018-06-11 CVE-2018-5135 Missing Authorization vulnerability in Mozilla Firefox
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages.
network
low complexity
mozilla CWE-862
5.0
2018-06-11 CVE-2018-5113 Missing Authorization vulnerability in multiple products
The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced.
network
low complexity
mozilla canonical CWE-862
5.0
2018-06-07 CVE-2018-0336 Missing Authorization vulnerability in Cisco Prime Collaboration 12.1
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level.
network
low complexity
cisco CWE-862
6.5
2018-06-07 CVE-2018-7689 Missing Authorization vulnerability in Opensuse Open Build Service
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.
network
low complexity
opensuse CWE-862
6.5
2018-06-07 CVE-2018-7688 Missing Authorization vulnerability in Opensuse Open Build Service
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
network
low complexity
opensuse CWE-862
6.5
2018-06-07 CVE-2018-0322 Missing Authorization vulnerability in Cisco products
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device.
network
low complexity
cisco CWE-862
6.5