Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-08 | CVE-2019-1003035 | Missing Authorization vulnerability in Jenkins Azure VM Agents An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration. | 4.3 |
| 2019-03-05 | CVE-2019-9574 | Missing Authorization vulnerability in Mishubd WP Human Resource Management The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. | 7.5 |
| 2019-03-01 | CVE-2019-9482 | Missing Authorization vulnerability in Misp 2.4.102 In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. | 5.3 |
| 2019-02-22 | CVE-2019-9002 | Missing Authorization vulnerability in multiple products An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. | 9.8 |
| 2019-02-20 | CVE-2019-1003025 | Missing Authorization vulnerability in Jenkins Cloud Foundry A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-02-19 | CVE-2019-5779 | Missing Authorization vulnerability in multiple products Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
| 2019-02-19 | CVE-2019-5774 | Missing Authorization vulnerability in multiple products Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. | 8.8 |
| 2019-02-15 | CVE-2019-0258 | Missing Authorization vulnerability in SAP Disclosure Management 10.01 SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2019-02-15 | CVE-2019-0257 | Missing Authorization vulnerability in SAP products Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2019-02-11 | CVE-2018-11888 | Missing Authorization vulnerability in Qualcomm products Unauthorized access may be allowed by the SCP11 Crypto Services TA will processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016. | 7.8 |