Vulnerabilities > Missing Authorization

DATE | CVE | VULNERABILITY TITLE | RISK

2020-11-10 | CVE-2020-28368 | Missing Authorization vulnerability in multiple products | 4.4
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack.
local, low complexity | xen, fedoraproject, debian | CWE-862

2020-11-10 | CVE-2020-6316 | Missing Authorization vulnerability in SAP ERP and S/4Hana | 4.3
SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.
network, low complexity | sap | CWE-862

2020-11-10 | CVE-2020-26818 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap | 8.8
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.
network, low complexity | sap | CWE-862

2020-11-10 | CVE-2020-0454 | Missing Authorization vulnerability in Google Android 9.0 | 5.5
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check.
local, low complexity | google | CWE-862

2020-11-10 | CVE-2020-0448 | Missing Authorization vulnerability in Google Android | 5.5
In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check.
local, low complexity | google | CWE-862

2020-11-10 | CVE-2020-0439 | Missing Authorization vulnerability in Google Android | 7.8
In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check.
local, low complexity | google | CWE-862

2020-11-10 | CVE-2020-0437 | Missing Authorization vulnerability in Google Android | 5.5
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check.
local, low complexity | google | CWE-862

2020-11-04 | CVE-2020-2302 | Missing Authorization vulnerability in Jenkins Active Directory | 4.3
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.
network, low complexity | jenkins | CWE-862

2020-11-02 | CVE-2020-28036 | Missing Authorization vulnerability in multiple products | critical 9.8
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.
network, low complexity | wordpress, fedoraproject, debian | CWE-862

2020-10-29 | CVE-2020-27998 | Missing Authorization vulnerability in Fast-Report Fastreport | critical 9.8
An issue was discovered in FastReport before 2020.4.0.
network, low complexity | fast-report | CWE-862