CWE-863
3,038 CVEs • Abstraction: Class • Likelihood of Exploit: High
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVEs (3,038)
| CVE (description) | Vendors | Products | Updated | Published | CVSS (v4 / v3 / v2) |
|---|---|---|---|---|---|
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for rem... | | | | | |
| Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | Cisco | Carrier Routing System | Apr 29, 2026 | Aug 6, 2012 | N/A / 5.8 MEDIUM / 5.0 MEDIUM |
| The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLay... | | | | | |
| Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors. | | | | | |
| vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not... | | | | | |
| The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or m... | Rockwellautomation, Windriver | 1756 Enbt/a Firmware, Vxworks | May 28, 2026 | Aug 5, 2010 | N/A / 9.8 CRITICAL / 10.0 HIGH |
| The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user fo... | Kyoceramita | Scanner File Utility | Apr 23, 2026 | Aug 28, 2009 | N/A / 9.8 CRITICAL / 10.0 HIGH |
| The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action optio... | Citrix | Netscaler Access Gateway, Netscaler Access Gateway Firmware | Apr 23, 2026 | Jun 25, 2009 | N/A / 6.5 MEDIUM / 6.3 MEDIUM |
| The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to... | Net Snmp, Opensuse, Redhat, +1 more | Enterprise Linux, Linux Enterprise, Net Snmp, +1 more | Apr 23, 2026 | Feb 12, 2009 | N/A / N/A / 5.0 MEDIUM |
| parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to lever... | | | | | |
| The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | Canonical, Dovecot, Fedoraproject, +1 more | Dovecot, Fedora, Opensuse, +1 more | Apr 23, 2026 | Oct 15, 2008 | N/A / 7.5 HIGH / 6.4 MEDIUM |
| Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypas... | Condor Project, Fedoraproject | Condor, Fedora | Apr 23, 2026 | Jul 31, 2008 | N/A / N/A / 7.5 HIGH |
| dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intend... | Fedoraproject, Freedesktop, Mandrakesoft, +1 more | Dbus, Enterprise Linux, Fedora, +1 more | Apr 23, 2026 | Feb 29, 2008 | N/A / N/A / 4.6 MEDIUM |
| index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name. | | | | | |
| The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated b... | | | | | |
| Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header. | Chetcpasswd Project | Chetcpasswd | Apr 23, 2026 | Dec 21, 2006 | N/A / 7.5 HIGH / 7.5 HIGH |
| Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain h... | Raritan | Dominion Sx16 Firmware, Dominion Sx32 Firmware, Dominion Sx4 Firmware, +2 more | Apr 16, 2026 | Jul 5, 2005 | N/A / N/A / 4.6 MEDIUM |
| TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restr... | | | | | |