Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-08 | CVE-2020-16027 | Missing Authorization vulnerability in Google Chrome Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension. | 6.5 |
| 2021-01-07 | CVE-2020-35745 | Missing Authorization vulnerability in PHPgurukul Hospital Management System 4.0 PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs. | 8.8 |
| 2020-12-28 | CVE-2020-29160 | Missing Authorization vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 7.5 |
| 2020-12-28 | CVE-2020-29158 | Missing Authorization vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 4.3 |
| 2020-12-26 | CVE-2020-25917 | Missing Authorization vulnerability in Stratodesk Notouch Center 4.1.24 Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. | 8.8 |
| 2020-12-22 | CVE-2019-11785 | Missing Authorization vulnerability in Odoo Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages. | 4.3 |
| 2020-12-22 | CVE-2019-11784 | Missing Authorization vulnerability in Odoo Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to. | 6.5 |
| 2020-12-22 | CVE-2019-11783 | Missing Authorization vulnerability in Odoo Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited. | 6.5 |
| 2020-12-21 | CVE-2020-35625 | Missing Authorization vulnerability in Mediawiki An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. | 8.8 |
| 2020-12-21 | CVE-2020-4841 | Missing Authorization vulnerability in IBM Security Secret Server 10.6 IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |