Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-15 | CVE-2021-1025 | Missing Authorization vulnerability in Google Android 12.0 In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. | 2.1 |
2021-12-15 | CVE-2021-1034 | Missing Authorization vulnerability in Google Android 12.0 In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. | 2.1 |
2021-12-15 | CVE-2021-39639 | Missing Authorization vulnerability in Google Android In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. | 7.2 |
2021-12-15 | CVE-2021-39651 | Missing Authorization vulnerability in Google Android In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. | 4.6 |
2021-12-14 | CVE-2021-41066 | Missing Authorization vulnerability in Bopsoft Listary An issue was discovered in Listary through 6. | 7.5 |
2021-12-14 | CVE-2021-42367 | Missing Authorization vulnerability in Variation Swatches for Woocommerce Project Variation Swatches for Woocommerce The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. | 3.5 |
2021-12-14 | CVE-2021-44233 | Missing Authorization vulnerability in SAP Access Control V1100700/V1100731/V1200750 SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. | 6.5 |
2021-12-13 | CVE-2021-24790 | Missing Authorization vulnerability in Contact Form Advanced Database Project Contact Form Advanced Database 1.0.8 The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. | 4.3 |
2021-12-13 | CVE-2021-24836 | Missing Authorization vulnerability in Storeapps Temporary Login Without Password The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them | 4.0 |
2021-12-13 | CVE-2021-20865 | Missing Authorization vulnerability in Advancedcustomfields Advanced Custom Fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors. | 5.0 |