Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2017-12-05 CVE-2017-11042 Missing Authorization vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.
local
low complexity
google CWE-862
4.6
2017-11-07 CVE-2017-12084 Missing Authorization vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1.
6.0
2017-11-01 CVE-2017-1000243 Missing Authorization vulnerability in Jenkins Favorite Plugin
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites
network
low complexity
jenkins CWE-862
4.0
2017-10-05 CVE-2017-1000105 Missing Authorization vulnerability in Jenkins Blue Ocean
The optional Run/Artifacts permission can be enabled by setting a Java system property.
network
low complexity
jenkins CWE-862
5.0
2017-10-05 CVE-2017-1000086 Missing Authorization vulnerability in Jenkins Periodic Backup
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation.
network
jenkins CWE-862
6.0
2017-09-15 CVE-2017-10846 Missing Authorization vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.
network
low complexity
nttdocomo CWE-862
5.0
2017-09-14 CVE-2017-1002151 Missing Authorization vulnerability in Redhat Pagure
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
network
low complexity
redhat CWE-862
7.5
2017-09-14 CVE-2017-1002007 Missing Authorization vulnerability in Dtracker Project Dtracker 1.5
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
network
low complexity
dtracker-project CWE-862
5.0
2017-09-14 CVE-2017-1002006 Missing Authorization vulnerability in Dtracker Project Dtracker 1.5
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
network
low complexity
dtracker-project CWE-862
5.0
2017-08-18 CVE-2017-12582 Missing Authorization vulnerability in Qnap Ts-212P Firmware 4.2.1
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601.
network
low complexity
qnap CWE-862
7.5