Vulnerabilities > Missing Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-09-25 | CVE-2023-41296 | Missing Authorization vulnerability in Huawei Emui and Harmonyos | Vulnerability of missing authorization in the kernel module. | network, low complexity, huawei, CWE-862 | critical 9.1 |
| 2023-09-20 | CVE-2023-43135 | Missing Authorization vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 | There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | network, low complexity, tp-link, CWE-862 | critical 9.8 |
| 2023-09-20 | CVE-2023-43134 | Missing Authorization vulnerability in Netis-Systems 360R Firmware 1.3.4517 | There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | network, low complexity, netis-systems, CWE-862 | critical 9.8 |
| 2023-09-20 | CVE-2023-43501 | Missing Authorization vulnerability in Jenkins Build Failure Analyzer | A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | network, low complexity, jenkins, CWE-862 | 6.5 |
| 2023-09-15 | CVE-2023-0923 | Missing Authorization vulnerability in Redhat Openshift Data Science | A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. | network, low complexity, redhat, CWE-862 | critical 9.8 |
| 2023-09-13 | CVE-2023-42469 | Missing Authorization vulnerability in Fulldive Full Dialer 1.0.1 | The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component. | local, low complexity, fulldive, CWE-862 | 3.3 |
| 2023-09-12 | CVE-2023-39073 | Missing Authorization vulnerability in Voltronicpower Snmp web PRO 1.1 | An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request. | network, low complexity, voltronicpower, CWE-862 | critical 9.8 |
| 2023-09-11 | CVE-2023-35665 | Missing Authorization vulnerability in Google Android | In multiple files, there is a possible way to import a contact from another user due to a missing permission check. | local, low complexity, google, CWE-862 | 7.8 |
| 2023-09-11 | CVE-2023-36140 | Missing Authorization vulnerability in PHPjabbers Cleaning Business Software 1.0 | In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. | network, low complexity, phpjabbers, CWE-862 | critical 9.8 |
| 2023-09-11 | CVE-2023-4104 | Missing Authorization vulnerability in Mozilla VPN 2.16.0 | An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. This bug only affects Mozilla VPN on Linux. | local, low complexity, mozilla, CWE-862 | 5.5 |