Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-13 | CVE-2020-15251 | Missing Authorization vulnerability in Mirahezebots Channelmgnt 1.0.0/1.0.1/1.0.2 In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. | 4.0 |
2020-10-09 | CVE-2020-13626 | Missing Authorization vulnerability in Oneplus APP Locker 20201006 OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked. | 4.6 |
2020-10-06 | CVE-2020-26598 | Missing Authorization vulnerability in Google Android 8.0/8.1/9.0 An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. | 5.0 |
2020-09-30 | CVE-2020-26160 | Missing Authorization vulnerability in Jwt-Go Project Jwt-Go jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). | 5.0 |
2020-09-30 | CVE-2020-13319 | Missing Authorization vulnerability in Gitlab An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. | 4.0 |
2020-09-30 | CVE-2020-13296 | Missing Authorization vulnerability in Gitlab An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. | 7.5 |
2020-09-25 | CVE-2020-24718 | Missing Authorization vulnerability in multiple products bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. | 7.2 |
2020-09-24 | CVE-2020-3524 | Missing Authorization vulnerability in Cisco IOS XE ROM Monitor 15.6(18R)/16.2(1R) A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. | 6.8 |
2020-09-24 | CVE-2020-3400 | Missing Authorization vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. | 6.5 |
2020-09-23 | CVE-2020-2285 | Missing Authorization vulnerability in Jenkins Liquibase Runner A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |