Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-20349 | Missing Authorization vulnerability in Google Android In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. | 7.8 |
| 2022-08-10 | CVE-2022-20352 | Missing Authorization vulnerability in Google Android 12.0/12.1 In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. | 5.5 |
| 2022-08-10 | CVE-2022-20358 | Missing Authorization vulnerability in Google Android In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. | 3.3 |
| 2022-08-10 | CVE-2022-20360 | Missing Authorization vulnerability in Google Android In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. | 7.8 |
| 2022-08-08 | CVE-2022-1323 | Missing Authorization vulnerability in 2Code Discy The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request. | 6.5 |
| 2022-08-05 | CVE-2022-2459 | Missing Authorization vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. | 2.7 |
| 2022-08-05 | CVE-2022-36836 | Missing Authorization vulnerability in Samsung Charm Firmware Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. | 5.5 |
| 2022-08-01 | CVE-2022-26429 | Missing Authorization vulnerability in Google Android 11.0/12.0 In cta, there is a possible way to write permission usage records of an app due to a missing permission check. | 7.8 |
| 2022-08-01 | CVE-2022-2370 | Missing Authorization vulnerability in Yaycommerce Yaysmtp The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them | 6.5 |
| 2022-07-27 | CVE-2022-36883 | Missing Authorization vulnerability in Jenkins GIT A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | 7.5 |