Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-06 | CVE-2019-1003006 | Missing Authorization vulnerability in Jenkins Groovy A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 |
| 2019-02-05 | CVE-2018-18996 | Missing Authorization vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. | 9.8 |
| 2019-02-04 | CVE-2019-1000017 | Missing Authorization vulnerability in Chamilo LMS Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. | 6.5 |
| 2019-01-22 | CVE-2017-6923 | Missing Authorization vulnerability in Drupal In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. | 6.5 |
| 2019-01-10 | CVE-2019-5886 | Missing Authorization vulnerability in Shopxo 1.2.0 An issue was discovered in ShopXO 1.2.0. | 9.8 |
| 2019-01-09 | CVE-2018-16081 | Missing Authorization vulnerability in multiple products Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. | 7.4 |
| 2019-01-08 | CVE-2019-0573 | Missing Authorization vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
| 2019-01-08 | CVE-2019-0566 | Missing Authorization vulnerability in Microsoft Edge An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. | 8.8 |
| 2019-01-08 | CVE-2019-0555 | Missing Authorization vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.8 |
| 2019-01-08 | CVE-2019-0243 | Missing Authorization vulnerability in SAP Bw/4Hana 1.0 Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |