Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-09 | CVE-2019-13450 | Missing Authorization vulnerability in multiple products In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. | 6.5 |
| 2019-07-08 | CVE-2019-12926 | Missing Authorization vulnerability in Mailenable MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. | 8.8 |
| 2019-07-08 | CVE-2019-2117 | Missing Authorization vulnerability in Google Android In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. | 5.5 |
| 2019-07-01 | CVE-2019-7272 | Missing Authorization vulnerability in Optergy Enterprise and Proton Optergy Proton/Enterprise devices allow Username Disclosure. | 5.3 |
| 2019-06-29 | CVE-2019-13047 | Missing Authorization vulnerability in Toaruos Project Toaruos kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. | 7.8 |
| 2019-06-28 | CVE-2019-10175 | Missing Authorization vulnerability in Kubevirt Containerized-Data-Importer 1.4.0 A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. | 6.5 |
| 2019-06-25 | CVE-2019-4158 | Missing Authorization vulnerability in IBM Security Access Manager IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. | 5.4 |
| 2019-06-20 | CVE-2019-6961 | Missing Authorization vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171 Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls. | 6.5 |
| 2019-06-19 | CVE-2019-2005 | Missing Authorization vulnerability in Google Android 8.0/8.1/9.0 In onPermissionGrantResult of GrantPermissionsActivity.java, there is a possible incorrectly granted permission due to a missing permission check. | 8.8 |
| 2019-06-18 | CVE-2019-12875 | Missing Authorization vulnerability in Alpinelinux Abuild Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. | 6.5 |