Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-12-14 | CVE-2020-20183 | Missing Authorization vulnerability in Zyxel P1302-T10 V3 Firmware 2.00 | Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages. | 5.0 |
2020-12-14 | CVE-2020-35236 | Missing Authorization vulnerability in Amazee Lagoon | The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion. | 5.0 |
2020-12-11 | CVE-2020-28215 | Missing Authorization vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7 | A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently. | 7.5 |
2020-12-09 | CVE-2020-26832 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap and S/4 Hana | SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable. | 7.6 |
2020-12-09 | CVE-2020-26830 | Missing Authorization vulnerability in SAP Solution Manager 7.20 | SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. | 5.5 |
2020-12-09 | CVE-2020-27349 | Missing Authorization vulnerability in Canonical Ubuntu Linux | Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. | 2.1 |
2020-12-08 | CVE-2020-14205 | Missing Authorization vulnerability in Divebook Project Divebook 1.1.4 | The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. | 5.0 |
2020-12-08 | CVE-2020-25629 | Missing Authorization vulnerability in Moodle | A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. | 8.8 |
2020-12-04 | CVE-2020-29561 | Missing Authorization vulnerability in Boom-Core Risvc-Boom 3.0.0 | An issue was discovered in SonicBOOM riscv-boom 3.0.0. | 4.3 |
2020-12-03 | CVE-2020-25711 | Missing Authorization vulnerability in multiple products | A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. | 6.5 |