Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-04 | CVE-2021-21685 | Missing Authorization vulnerability in Jenkins Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. | 9.1 |
| 2021-11-04 | CVE-2021-21687 | Missing Authorization vulnerability in Jenkins Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. | 9.1 |
| 2021-11-04 | CVE-2021-21688 | Missing Authorization vulnerability in Jenkins The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo). | 7.5 |
| 2021-11-04 | CVE-2021-21694 | Missing Authorization vulnerability in Jenkins FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 |
| 2021-11-04 | CVE-2020-25366 | Missing Authorization vulnerability in Dlink Dir-823G Firmware 1.02B05 An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. | 9.1 |
| 2021-11-02 | CVE-2021-41238 | Missing Authorization vulnerability in Hangfire 1.7.25 Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. | 7.5 |
| 2021-11-01 | CVE-2018-25019 | Missing Authorization vulnerability in Learndash The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server | 7.5 |
| 2021-10-25 | CVE-2021-39225 | Missing Authorization vulnerability in Nextcloud Deck Nextcloud is an open-source, self-hosted productivity platform. | 8.1 |
| 2021-10-25 | CVE-2021-24779 | Missing Authorization vulnerability in WP Debugging Project WP Debugging The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users. | 6.5 |
| 2021-10-22 | CVE-2021-0643 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. | 5.5 |