Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-25 | CVE-2023-41296 | Missing Authorization vulnerability in Huawei Emui and Harmonyos Vulnerability of missing authorization in the kernel module. | 9.1 |
2023-09-20 | CVE-2023-43135 | Missing Authorization vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | 9.8 |
2023-09-20 | CVE-2023-43134 | Missing Authorization vulnerability in Netis-Systems 360R Firmware 1.3.4517 There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | 9.8 |
2023-09-20 | CVE-2023-43501 | Missing Authorization vulnerability in Jenkins Build Failure Analyzer A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | 6.5 |
2023-09-15 | CVE-2023-0923 | Missing Authorization vulnerability in Redhat Openshift Data Science A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. | 9.8 |
2023-09-13 | CVE-2023-42469 | Missing Authorization vulnerability in Fulldive Full Dialer 1.0.1 The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component. | 3.3 |
2023-09-12 | CVE-2023-39073 | Missing Authorization vulnerability in Voltronicpower Snmp web PRO 1.1 An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request. | 9.8 |
2023-09-11 | CVE-2023-35665 | Missing Authorization vulnerability in Google Android In multiple files, there is a possible way to import a contact from another user due to a missing permission check. | 7.8 |
2023-09-11 | CVE-2023-36140 | Missing Authorization vulnerability in PHPjabbers Cleaning Business Software 1.0 In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. | 9.8 |
2023-09-11 | CVE-2023-4104 | Missing Authorization vulnerability in Mozilla VPN 2.16.0 An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. | 5.5 |