Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-28 | CVE-2017-6251 | Missing Authorization vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges. | 7.8 |
| 2017-07-17 | CVE-2017-1000056 | Missing Authorization vulnerability in Kubernetes Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | 9.8 |
| 2017-06-19 | CVE-2017-4985 | Missing Authorization vulnerability in EMC Vnx1 Firmware and Vnx2 Firmware In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. | 7.8 |
| 2017-06-14 | CVE-2017-7914 | Missing Authorization vulnerability in Rockwellautomation Panelview Plus 6 700-1500 Firmware A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. | 8.6 |
| 2017-06-14 | CVE-2017-7677 | Missing Authorization vulnerability in Apache Ranger In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. | 5.9 |
| 2017-06-13 | CVE-2017-6693 | Missing Authorization vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1) A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. | 5.5 |
| 2017-06-08 | CVE-2017-6639 | Missing Authorization vulnerability in Cisco Prime Data Center Network Manager 10.1.0/10.1(1)/10.1(2) A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. | 9.8 |
| 2017-06-06 | CVE-2017-8083 | Missing Authorization vulnerability in Compulab Intense PC Firmware and Mintbox 2 Firmware CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. | 6.7 |
| 2017-06-02 | CVE-2017-0896 | Missing Authorization vulnerability in Zulip Server Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | 6.5 |
| 2017-05-28 | CVE-2017-9232 | Missing Authorization vulnerability in Canonical Juju Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. | 9.8 |