Vulnerabilities > Missing Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-12-13 | CVE-2017-17665 | Missing Authorization vulnerability in Octopus Deploy | In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. | network | low | octopus | CWE-862 | 8.8 |
| 2017-12-07 | CVE-2017-17450 | Missing Authorization vulnerability in Linux Kernel | net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. | local | low | linux | CWE-862 | 7.8 |
| 2017-12-07 | CVE-2017-17448 | Missing Authorization vulnerability in Linux Kernel | net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces. | local | low | linux | CWE-862 | 7.8 |
| 2017-12-06 | CVE-2017-17433 | Missing Authorization vulnerability in multiple products | The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. | network | high | debian, samba | CWE-862 | 3.7 |
| 2017-12-05 | CVE-2017-11042 | Missing Authorization vulnerability in Google Android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control. | local | low | google | CWE-862 | 7.8 |
| 2017-11-07 | CVE-2017-12084 | Missing Authorization vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 | A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. | network | high | meetcircle | CWE-862 | 6.6 |
| 2017-11-01 | CVE-2017-1000243 | Missing Authorization vulnerability in Jenkins Favorite Plugin | Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites. | network | low | jenkins | CWE-862 | 4.3 |
| 2017-10-05 | CVE-2017-1000105 | Missing Authorization vulnerability in Jenkins Blue Ocean | The optional Run/Artifacts permission can be enabled by setting a Java system property. | network | low | jenkins | CWE-862 | 5.3 |
| 2017-10-05 | CVE-2017-1000086 | Missing Authorization vulnerability in Jenkins Periodic Backup | The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. | network | low | jenkins | CWE-862 | 8.0 |
| 2017-09-15 | CVE-2017-10846 | Missing Authorization vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware L02Fmdm9625V10Hjun232017Dcmjp/V10B | Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | network | low | nttdocomo | CWE-862 | 7.5 |