Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-01 | CVE-2017-1000243 | Missing Authorization vulnerability in Jenkins Favorite Plugin Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites | 4.0 |
| 2017-10-05 | CVE-2017-1000105 | Missing Authorization vulnerability in Jenkins Blue Ocean The optional Run/Artifacts permission can be enabled by setting a Java system property. | 5.0 |
| 2017-10-05 | CVE-2017-1000086 | Missing Authorization vulnerability in Jenkins Periodic Backup The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. | 6.0 |
| 2017-09-15 | CVE-2017-10846 | Missing Authorization vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | 5.0 |
| 2017-09-14 | CVE-2017-1002151 | Missing Authorization vulnerability in Redhat Pagure Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | 7.5 |
| 2017-09-14 | CVE-2017-1002007 | Missing Authorization vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | 5.0 |
| 2017-09-14 | CVE-2017-1002006 | Missing Authorization vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | 5.0 |
| 2017-08-18 | CVE-2017-12582 | Missing Authorization vulnerability in Qnap Ts-212P Firmware 4.2.1 Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. | 7.5 |
| 2017-08-01 | CVE-2017-11135 | Missing Authorization vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5 An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. | 5.0 |
| 2017-07-28 | CVE-2017-6251 | Missing Authorization vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges. | 7.2 |