Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-44208 | Missing Authorization vulnerability in Acronis Cyber Protect Home Office Sensitive information disclosure and manipulation due to missing authorization. | 9.1 |
| 2023-10-02 | CVE-2023-3770 | Missing Authorization vulnerability in Ingeteam Ingepac Da3451 Firmware 0.29.2.42 Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication. | 4.3 |
| 2023-09-30 | CVE-2023-5321 | Missing Authorization vulnerability in Hamza417 Inure Missing Authorization in GitHub repository hamza417/inure prior to build94. | 5.5 |
| 2023-09-27 | CVE-2023-43652 | Missing Authorization vulnerability in Fit2Cloud Jumpserver JumpServer is an open source bastion host. | 9.1 |
| 2023-09-27 | CVE-2023-0456 | Missing Authorization vulnerability in Redhat Apicast 2.0.0 A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. | 7.5 |
| 2023-09-25 | CVE-2023-5165 | Missing Authorization vulnerability in Docker Desktop Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. | 8.8 |
| 2023-09-25 | CVE-2023-41296 | Missing Authorization vulnerability in Huawei Emui and Harmonyos Vulnerability of missing authorization in the kernel module. | 9.1 |
| 2023-09-20 | CVE-2023-43135 | Missing Authorization vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | 9.8 |
| 2023-09-20 | CVE-2023-43134 | Missing Authorization vulnerability in Netis-Systems 360R Firmware 1.3.4517 There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | 9.8 |
| 2023-09-20 | CVE-2023-43501 | Missing Authorization vulnerability in Jenkins Build Failure Analyzer A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | 6.5 |