Weaknesses of type CWE-285
1,285 results

CVE-2018-1116 | MEDIUM | A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function | EPSS 1.2%
CVE-2019-15990 | MEDIUM | Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability | EPSS 1.2%
CVE-2020-1720 | LOW | A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated | EPSS 1.2%
CVE-2021-43847 | MEDIUM | Authorization Bypass in Space Invite in HumHub | EPSS 1.2%
CVE-2020-7530 | — | A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to | EPSS 1.2%
CVE-2020-5232 | HIGH | Ethereum Name Service - Malicious takeover of previously owned ENS names | EPSS 1.2%
CVE-2017-0894 | — | Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting | EPSS 1.2%
CVE-2017-2686 | — | Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the we | EPSS 1.1%
CVE-2020-5275 | HIGH | Firewall configured with unanimous strategy was not actually unanimous in symfony/security-http | EPSS 1.1%
CVE-2024-27930 | MEDIUM | Sensitive fields access through dropdowns in GLPI | EPSS 1.1%
CVE-2021-32620 | HIGH | Users registered with email verification can self re-activate their disabled accounts | EPSS 1.1%
CVE-2020-5318 | HIGH | Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit | EPSS 1.1%
CVE-2021-31384 | HIGH | Junos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from any interface, regardless of security settings protecting the service | EPSS 1.1%
CVE-2019-1851 | MEDIUM | Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability | EPSS 1.1%
CVE-2020-9048 | HIGH | victor Web Client - Arbitrary File Deletion Vulnerability | EPSS 1.1%
CVE-2021-32619 | CRITICAL | Static imports inside dynamically imported modules do not adhere to permission checks | EPSS 1.1%
CVE-2024-43482 | MEDIUM | Microsoft Outlook for iOS Information Disclosure Vulnerability | EPSS 1.1%
CVE-2021-1576 | HIGH | Cisco Business Process Automation Privilege Escalation Vulnerabilities | EPSS 1.1%
CVE-2020-36696 | HIGH | Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization | EPSS 1.1%
CVE-2021-35964 | HIGH | Learningdigital.com, Inc. Orca HCM - Broken Authentication | EPSS 1.1%