Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-05 | CVE-2017-11042 | Missing Authorization vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control. | 4.6 |
2017-11-07 | CVE-2017-12084 | Missing Authorization vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. | 6.0 |
2017-11-01 | CVE-2017-1000243 | Missing Authorization vulnerability in Jenkins Favorite Plugin Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites | 4.0 |
2017-10-05 | CVE-2017-1000105 | Missing Authorization vulnerability in Jenkins Blue Ocean The optional Run/Artifacts permission can be enabled by setting a Java system property. | 5.0 |
2017-10-05 | CVE-2017-1000086 | Missing Authorization vulnerability in Jenkins Periodic Backup The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. | 6.0 |
2017-09-15 | CVE-2017-10846 | Missing Authorization vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | 5.0 |
2017-09-14 | CVE-2017-1002151 | Missing Authorization vulnerability in Redhat Pagure Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | 7.5 |
2017-09-14 | CVE-2017-1002007 | Missing Authorization vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | 5.0 |
2017-09-14 | CVE-2017-1002006 | Missing Authorization vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | 5.0 |
2017-08-18 | CVE-2017-12582 | Missing Authorization vulnerability in Qnap Ts-212P Firmware 4.2.1 Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. | 7.5 |