Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-06 | CVE-2019-2218 | Missing Authorization vulnerability in Google Android 10.0 In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. | 7.8 |
| 2019-12-06 | CVE-2019-12734 | Missing Authorization vulnerability in Sitevision 4.0/5.0 SiteVision 4 has Incorrect Access Control. | 8.8 |
| 2019-11-26 | CVE-2019-15998 | Missing Authorization vulnerability in Cisco IOS XR 6.5.1/6.5.2/6.5.3 A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. | 5.3 |
| 2019-11-25 | CVE-2019-5865 | Missing Authorization vulnerability in Google Chrome Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 6.5 |
| 2019-11-25 | CVE-2019-13673 | Missing Authorization vulnerability in Google Chrome Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 7.4 |
| 2019-11-25 | CVE-2019-14822 | Missing Authorization vulnerability in multiple products A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. | 7.1 |
| 2019-11-22 | CVE-2019-18610 | Missing Authorization vulnerability in multiple products An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. | 8.8 |
| 2019-11-22 | CVE-2019-18790 | Missing Authorization vulnerability in multiple products An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. | 6.5 |
| 2019-11-21 | CVE-2019-16547 | Missing Authorization vulnerability in Jenkins Google Compute Engine Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment. | 4.3 |
| 2019-11-14 | CVE-2019-15387 | Missing Authorization vulnerability in Archos Core 101 Firmware The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |