Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-23 | CVE-2017-18312 | Missing Authorization vulnerability in Qualcomm products While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A | 7.8 |
| 2018-10-16 | CVE-2018-18377 | Missing Authorization vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. | 7.5 |
| 2018-10-05 | CVE-2018-15429 | Missing Authorization vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. | 5.3 |
| 2018-10-03 | CVE-2018-16048 | Missing Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. | 6.5 |
| 2018-09-11 | CVE-2018-2461 | Missing Authorization vulnerability in SAP People Profile 6.0 Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges. | 8.8 |
| 2018-09-11 | CVE-2018-2455 | Missing Authorization vulnerability in SAP Enterprise Financial Services SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-09-11 | CVE-2018-2454 | Missing Authorization vulnerability in SAP Enterprise Financial Services SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-09-10 | CVE-2018-16591 | Missing Authorization vulnerability in Furuno Felcom 250 Firmware and Felcom 500 Firmware FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. | 9.8 |
| 2018-08-29 | CVE-2018-7792 | Missing Authorization vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 7.5 |
| 2018-08-23 | CVE-2018-8028 | Missing Authorization vulnerability in Apache Sentry An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. | 8.8 |