Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-05-11 CVE-2020-12745 Missing Authorization vulnerability in Google Android 10.0
An issue was discovered on Samsung mobile devices with Q(10.0) software.
network
low complexity
google CWE-862
7.5
2020-05-04 CVE-2020-11671 Missing Authorization vulnerability in Teampass
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls.
network
low complexity
teampass CWE-862
8.1
2020-05-04 CVE-2020-10187 Missing Authorization vulnerability in Doorkeeper Project Doorkeeper
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner.
network
low complexity
doorkeeper-project CWE-862
7.5
2020-04-28 CVE-2019-15877 Missing Authorization vulnerability in Freebsd 12.1
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver-specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges, allowing unprivileged users to trigger updates to the device's non-volatile memory.
local
low complexity
freebsd CWE-862
5.5
2020-04-28 CVE-2019-15876 Missing Authorization vulnerability in Freebsd 11.3/12.1
In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver-specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges, allowing unprivileged users to send passthrough commands to the device firmware.
local
low complexity
freebsd CWE-862
5.5
2020-04-27 CVE-2020-12138 Missing Authorization vulnerability in AMD Atillk64 5.11.9.0
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process.
network
low complexity
amd CWE-862
8.8
2020-04-24 CVE-2020-6212 Missing Authorization vulnerability in SAP ERP and S/4Hana
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.
network
low complexity
sap CWE-862
5.4
2020-04-24 CVE-2020-6823 Missing Authorization vulnerability in Mozilla Firefox
A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider.
network
low complexity
mozilla CWE-862
critical
9.8
2020-04-21 CVE-2020-11967 Missing Authorization vulnerability in Evenroute Iqrouter Firmware 3.3.1
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control.
network
low complexity
evenroute CWE-862
critical
9.8
2020-04-16 CVE-2019-14116 Missing Authorization vulnerability in Qualcomm Ipq6018 Firmware
Privilege escalation by using an altered debug policy image can occur because the XPU protecting the debug policy regions is disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018
local
low complexity
qualcomm CWE-862
7.8