Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2018-10093 | Missing Authorization vulnerability in Audiocodes 420Hd IP Phone Firmware 2.2.12.126 AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution. | 8.8 |
| 2019-03-13 | CVE-2019-9742 | Missing Authorization vulnerability in Gdata-Software Total Security 25.4.0.3 gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation. | 7.5 |
| 2019-03-12 | CVE-2019-0270 | Missing Authorization vulnerability in SAP products ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2019-03-12 | CVE-2019-9713 | Missing Authorization vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.4. | 7.5 |
| 2019-03-08 | CVE-2019-1003037 | Missing Authorization vulnerability in Jenkins Azure VM Agents An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 |
| 2019-03-08 | CVE-2019-1003036 | Missing Authorization vulnerability in Jenkins Azure VM Agents A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. | 4.3 |
| 2019-03-08 | CVE-2019-1003035 | Missing Authorization vulnerability in Jenkins Azure VM Agents An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration. | 4.3 |
| 2019-03-05 | CVE-2019-9574 | Missing Authorization vulnerability in Mishubd WP Human Resource Management The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. | 7.5 |
| 2019-03-01 | CVE-2019-9482 | Missing Authorization vulnerability in Misp 2.4.102 In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. | 5.3 |
| 2019-02-22 | CVE-2019-9002 | Missing Authorization vulnerability in multiple products An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. | 9.8 |