Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2017-03-24 CVE-2017-6369 Missing Authorization vulnerability in Firebirdsql Firebird
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
network
low complexity
firebirdsql CWE-862
6.5
2017-03-20 CVE-2017-5930 Missing Authorization vulnerability in multiple products
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
3.5
2017-03-14 CVE-2017-5985 Missing Authorization vulnerability in Linuxcontainers LXC
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
local
low complexity
linuxcontainers CWE-862
2.1
2017-02-09 CVE-2017-5180 Missing Authorization vulnerability in Firejail Project Firejail
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
local
low complexity
firejail-project CWE-862
4.6
2017-02-09 CVE-2017-3813 Missing Authorization vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user.
local
low complexity
cisco CWE-862
7.2
2017-02-05 CVE-2017-5136 Missing Authorization vulnerability in Sendquick products
An issue was discovered on SendQuick Entera and Avera devices before 2HF16.
network
low complexity
sendquick CWE-862
7.5
2016-05-09 CVE-2015-0571 Missing Authorization vulnerability in Linux Kernel
The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.
network
linux CWE-862
critical
9.3
2012-08-31 CVE-2012-4245 Missing Authorization vulnerability in Gimp
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
network
gimp CWE-862
6.8
2006-08-31 CVE-2006-4483 Missing Authorization vulnerability in PHP
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
network
php CWE-862
critical
9.3