Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-0680 | Missing Authorization vulnerability in Google Android In system properties, there is a possible information disclosure due to a missing permission check. | 2.1 |
| 2021-10-06 | CVE-2021-0681 | Missing Authorization vulnerability in Google Android In system properties, there is a possible information disclosure due to a missing permission check. | 2.1 |
| 2021-10-06 | CVE-2021-0682 | Missing Authorization vulnerability in Google Android In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. | 2.1 |
| 2021-10-06 | CVE-2021-0686 | Missing Authorization vulnerability in Google Android 10.0/11.0 In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. | 2.1 |
| 2021-10-05 | CVE-2021-41554 | Missing Authorization vulnerability in Archibus web Central 21.3.3.815 ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. | 8.8 |
| 2021-10-05 | CVE-2021-39893 | Missing Authorization vulnerability in Gitlab A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. | 5.0 |
| 2021-10-04 | CVE-2021-39347 | Missing Authorization vulnerability in Paymentplugins Stripe for Woocommerce The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. | 4.0 |
| 2021-09-30 | CVE-2021-41729 | Missing Authorization vulnerability in Baicloud-Cms Project Baicloud-Cms 2.5.7 BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php. | 6.4 |
| 2021-09-29 | CVE-2021-3653 | Missing Authorization vulnerability in multiple products A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. | 8.8 |
| 2021-09-29 | CVE-2021-33924 | Missing Authorization vulnerability in Confluent Ansible Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. | 7.5 |