Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-10-17 | CVE-2019-15850 | Missing Authorization vulnerability in Eq-3 Homematic Ccu3 Firmware 3.41.11 | eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. | 8.8 |
2019-10-16 | CVE-2019-16698 | Missing Authorization vulnerability in DKD Direct Mail | The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter. | 4.3 |
2019-10-16 | CVE-2019-10457 | Missing Authorization vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic 1.0.0 | A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10455 | Missing Authorization vulnerability in Jenkins Rundeck | A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10445 | Missing Authorization vulnerability in Jenkins Google Kubernetes Engine | A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. | 4.3 |
2019-10-16 | CVE-2019-10442 | Missing Authorization vulnerability in Jenkins Icescrum | A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10439 | Missing Authorization vulnerability in Jenkins CRX Content Package Deployer | A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
2019-10-16 | CVE-2019-10438 | Missing Authorization vulnerability in Jenkins CRX Content Package Deployer | A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2019-10-15 | CVE-2019-12944 | Missing Authorization vulnerability in Gluehome Glue Smart Lock Firmware 2.7.8 | Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable. | 7.5 |
2019-10-11 | CVE-2019-2110 | Missing Authorization vulnerability in Google Android 9.0 | In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. | 5.5 |