Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-09 | CVE-2020-15001 | Missing Authorization vulnerability in Yubico Yubikey 5 NFC Firmware An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. | 5.3 |
| 2020-07-06 | CVE-2020-5368 | Missing Authorization vulnerability in Dell Vxrail D560 Firmware and Vxrail D560F Firmware Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. | 7.5 |
| 2020-07-03 | CVE-2020-15518 | Missing Authorization vulnerability in Veeam products VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | 8.8 |
| 2020-07-02 | CVE-2020-15080 | Missing Authorization vulnerability in Prestashop In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. | 5.3 |
| 2020-07-02 | CVE-2020-2216 | Missing Authorization vulnerability in Jenkins Zephyr for Jira Test Management A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password. | 4.3 |
| 2020-07-02 | CVE-2020-2204 | Missing Authorization vulnerability in Jenkins Fortify on Demand A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. | 5.4 |
| 2020-07-02 | CVE-2020-2202 | Missing Authorization vulnerability in Jenkins Fortify on Demand A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
| 2020-06-30 | CVE-2020-15412 | Missing Authorization vulnerability in Misp 2.4.128 An issue was discovered in MISP 2.4.128. | 4.3 |
| 2020-06-27 | CVE-2020-15360 | Missing Authorization vulnerability in Docker Desktop 2.3.0.3 com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | 7.8 |
| 2020-06-24 | CVE-2020-4413 | Missing Authorization vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |