Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-16 | CVE-2019-10439 | Missing Authorization vulnerability in Jenkins CRX Content Package Deployer A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
2019-10-16 | CVE-2019-10438 | Missing Authorization vulnerability in Jenkins CRX Content Package Deployer A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2019-10-15 | CVE-2019-12944 | Missing Authorization vulnerability in Gluehome Glue Smart Lock Firmware 2.7.8 Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable. | 7.5 |
2019-10-08 | CVE-2019-0367 | Missing Authorization vulnerability in SAP Netweaver Process Integration 1.0/2.0 SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check. | 4.0 |
2019-10-01 | CVE-2019-17055 | Missing Authorization vulnerability in multiple products base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. | 3.3 |
2019-09-27 | CVE-2019-9380 | Missing Authorization vulnerability in Google Android 10.0 In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. | 4.3 |
2019-09-27 | CVE-2019-9377 | Missing Authorization vulnerability in Google Android 10.0 In FingerprintService, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. | 2.1 |
2019-09-27 | CVE-2019-9351 | Missing Authorization vulnerability in Google Android 10.0 In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. | 2.1 |
2019-09-27 | CVE-2019-9323 | Missing Authorization vulnerability in Google Android 10.0 In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. | 5.0 |
2019-09-27 | CVE-2019-9295 | Missing Authorization vulnerability in Google Android 10.0 In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check. | 4.6 |