Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-24 | CVE-2017-6369 | Missing Authorization vulnerability in Firebirdsql Firebird Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. | 6.5 |
2017-03-20 | CVE-2017-5930 | Missing Authorization vulnerability in multiple products The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. | 3.5 |
2017-03-14 | CVE-2017-5985 | Missing Authorization vulnerability in Linuxcontainers LXC lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. | 2.1 |
2017-02-09 | CVE-2017-5180 | Missing Authorization vulnerability in Firejail Project Firejail Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. | 4.6 |
2017-02-09 | CVE-2017-3813 | Missing Authorization vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. | 7.2 |
2017-02-05 | CVE-2017-5136 | Missing Authorization vulnerability in Sendquick products An issue was discovered on SendQuick Entera and Avera devices before 2HF16. | 7.5 |
2016-05-09 | CVE-2015-0571 | Missing Authorization vulnerability in Linux Kernel The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. | 9.3 |
2012-08-31 | CVE-2012-4245 | Missing Authorization vulnerability in Gimp The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. | 6.8 |
2006-08-31 | CVE-2006-4483 | Missing Authorization vulnerability in PHP The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. | 9.3 |