Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-25 | CVE-2020-24718 | Missing Authorization vulnerability in multiple products bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. | 8.2 |
| 2020-09-24 | CVE-2020-3524 | Missing Authorization vulnerability in Cisco IOS XE ROM Monitor 15.6(18R)/16.2(1R) A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. | 6.8 |
| 2020-09-24 | CVE-2020-3400 | Missing Authorization vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. | 8.8 |
| 2020-09-23 | CVE-2020-2285 | Missing Authorization vulnerability in Jenkins Liquibase Runner A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2020-09-23 | CVE-2020-2282 | Missing Authorization vulnerability in Jenkins Implied Labels Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. | 4.3 |
| 2020-09-18 | CVE-2020-0327 | Missing Authorization vulnerability in Google Android 11.0 In core networking, there is a missing permission check. | 5.5 |
| 2020-09-18 | CVE-2020-0316 | Missing Authorization vulnerability in Google Android 11.0 In Telephony, there is a missing permission check. | 5.5 |
| 2020-09-18 | CVE-2020-0299 | Missing Authorization vulnerability in Google Android 11.0 In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. | 7.8 |
| 2020-09-18 | CVE-2020-0298 | Missing Authorization vulnerability in Google Android 11.0 In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. | 7.8 |
| 2020-09-18 | CVE-2020-0285 | Missing Authorization vulnerability in Google Android 11.0 In Telephony, there is a possible permission bypass due to a missing permission check. | 5.5 |