Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-11 | CVE-2020-6393 | Missing Authorization vulnerability in multiple products: Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2020-02-07 | CVE-2020-8811 | Missing Authorization vulnerability in Bludit 3.10.0: ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. | 4.3 |
2020-02-06 | CVE-2020-8772 | Missing Authorization vulnerability in Revmakx Infinitewp Client: The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. | 9.8 |
2020-02-05 | CVE-2020-7968 | Missing Authorization vulnerability in Gitlab: GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | 7.5 |
2020-02-03 | CVE-2020-7993 | Missing Authorization vulnerability in Prototypejs Prototype 1.6.0.1: Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. | 4.3 |
2020-01-30 | CVE-2020-8495 | Missing Authorization vulnerability in Kronos web Time and Attendance 3.8: In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. | 7.5 |
2020-01-30 | CVE-2020-5228 | Missing Authorization vulnerability in Apereo Opencast: Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. | 7.5 |
2020-01-28 | CVE-2019-5470 | Missing Authorization vulnerability in Gitlab: An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. | 7.5 |
2020-01-24 | CVE-2013-3960 | Missing Authorization vulnerability in Easytimestudio Easy File Manager 1.1: Easytime Studio Easy File Manager 1.1 has an HTTP request security bypass. | 9.9 |
2020-01-17 | CVE-2019-19802 | Missing Authorization vulnerability in Gallagher Command Centre: In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | 6.5 |