Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2018-5377 Missing Authorization vulnerability in Discuz Discuzx X3.4
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
network
low complexity
discuz CWE-862
7.5
2017-12-20 CVE-2017-17807 Missing Authorization vulnerability in Linux Kernel
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
local
low complexity
linux CWE-862
2.1
2017-12-15 CVE-2017-17693 Missing Authorization vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.
4.0
2017-12-13 CVE-2017-17665 Missing Authorization vulnerability in Octopus Deploy
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments.
network
low complexity
octopus CWE-862
6.5
2017-12-07 CVE-2017-17450 Missing Authorization vulnerability in Linux Kernel
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
local
low complexity
linux CWE-862
4.6
2017-12-07 CVE-2017-17448 Missing Authorization vulnerability in Linux Kernel
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.
local
low complexity
linux CWE-862
4.6
2017-12-06 CVE-2017-17433 Missing Authorization vulnerability in multiple products
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.
network
high complexity
debian samba CWE-862
3.7
2017-12-05 CVE-2017-11042 Missing Authorization vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.
local
low complexity
google CWE-862
4.6
2017-11-07 CVE-2017-12084 Missing Authorization vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1.
6.0
2017-11-01 CVE-2017-1000243 Missing Authorization vulnerability in Jenkins Favorite Plugin
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites
network
low complexity
jenkins CWE-862
4.0