Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-12 | CVE-2021-21468 | Missing Authorization vulnerability in SAP Business Warehouse The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. | 6.5 |
2021-01-12 | CVE-2021-21467 | Missing Authorization vulnerability in SAP Banking Services SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 4.3 |
2021-01-08 | CVE-2020-16029 | Missing Authorization vulnerability in Google Chrome Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. | 6.8 |
2021-01-08 | CVE-2020-16027 | Missing Authorization vulnerability in Google Chrome Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension. | 4.3 |
2021-01-07 | CVE-2020-35745 | Missing Authorization vulnerability in PHPgurukul Hospital Management System 4.0 PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs. | 8.8 |
2021-01-04 | CVE-2020-35219 | Missing Authorization vulnerability in Asus Dsl-N17U Firmware 1.1.0.2 The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings. | 10.0 |
2020-12-22 | CVE-2019-11785 | Missing Authorization vulnerability in Odoo Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages. | 4.0 |
2020-12-22 | CVE-2019-11784 | Missing Authorization vulnerability in Odoo Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to. | 4.0 |
2020-12-22 | CVE-2019-11783 | Missing Authorization vulnerability in Odoo Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited. | 4.0 |
2020-12-18 | CVE-2020-13519 | Missing Authorization vulnerability in Nzxt CAM 4.8.0 A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. | 7.2 |