Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-27 | CVE-2022-36921 | Missing Authorization vulnerability in Jenkins Coverity A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.1 |
| 2022-07-26 | CVE-2021-33057 | Missing Authorization vulnerability in Tencent QQ 8.7.1 The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. | 7.5 |
| 2022-07-19 | CVE-2021-32504 | Missing Authorization vulnerability in Sick Ftmg Firmware Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. | 5.3 |
| 2022-07-18 | CVE-2022-2108 | Missing Authorization vulnerability in Wbcomdesigns Buddypress Group Reviews The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. | 5.3 |
| 2022-07-13 | CVE-2022-20225 | Missing Authorization vulnerability in Google Android In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. | 5.5 |
| 2022-07-06 | CVE-2022-21763 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telecom service, there is a possible information disclosure due to a missing permission check. | 5.5 |
| 2022-07-06 | CVE-2022-21764 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telecom service, there is a possible information disclosure due to a missing permission check. | 5.5 |
| 2022-07-06 | CVE-2022-21777 | Missing Authorization vulnerability in Google Android 11.0/12.0 In Autoboot, there is a possible permission bypass due to a missing permission check. | 7.8 |
| 2022-06-30 | CVE-2022-34779 | Missing Authorization vulnerability in Jenkins Xebialabs XL Release A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2022-06-30 | CVE-2022-34781 | Missing Authorization vulnerability in Jenkins Xebialabs XL Release Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |