Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-16 | CVE-2022-20536 | Missing Authorization vulnerability in Google Android 13.0 In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. | 3.3 |
| 2022-12-16 | CVE-2022-20537 | Missing Authorization vulnerability in Google Android 13.0 In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. | 3.3 |
| 2022-12-16 | CVE-2022-20544 | Missing Authorization vulnerability in Google Android 13.0 In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. | 4.4 |
| 2022-12-16 | CVE-2022-20547 | Missing Authorization vulnerability in Google Android 13.0 In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. | 7.8 |
| 2022-12-16 | CVE-2022-20556 | Missing Authorization vulnerability in Google Android 13.0 In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. | 3.3 |
| 2022-12-16 | CVE-2022-20572 | Missing Authorization vulnerability in Google Android In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. | 6.7 |
| 2022-12-13 | CVE-2022-20240 | Missing Authorization vulnerability in Google Android 12.0 In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. | 2.3 |
| 2022-12-13 | CVE-2022-4223 | Missing Authorization vulnerability in multiple products The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. | 8.8 |
| 2022-12-13 | CVE-2022-41272 | Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50 An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. | 8.6 |
| 2022-12-13 | CVE-2022-41271 | Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50 An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. | 9.4 |