Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-04 | CVE-2020-25366 | Missing Authorization vulnerability in Dlink Dir-823G Firmware 1.02B05 An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. | 8.5 |
| 2021-11-02 | CVE-2021-41238 | Missing Authorization vulnerability in Hangfire 1.7.25 Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. | 5.0 |
| 2021-11-01 | CVE-2015-20067 | Missing Authorization vulnerability in WP Attachment Export Project WP Attachment Export The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress | 5.0 |
| 2021-11-01 | CVE-2018-25019 | Missing Authorization vulnerability in Learndash The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server | 5.0 |
| 2021-10-25 | CVE-2021-39225 | Missing Authorization vulnerability in Nextcloud Deck Nextcloud is an open-source, self-hosted productivity platform. | 5.5 |
| 2021-10-25 | CVE-2021-24779 | Missing Authorization vulnerability in WP Debugging Project WP Debugging The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users. | 6.5 |
| 2021-10-22 | CVE-2021-0643 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. | 2.1 |
| 2021-10-22 | CVE-2021-0706 | Missing Authorization vulnerability in Google Android 10.0/11.0 In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. | 4.9 |
| 2021-10-19 | CVE-2021-31384 | Missing Authorization vulnerability in Juniper Junos 20.4/21.1 Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. | 7.5 |
| 2021-10-19 | CVE-2021-30810 | Missing Authorization vulnerability in Apple products An authorization issue was addressed with improved state management. | 2.9 |