Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-16 | CVE-2022-20544 | Missing Authorization vulnerability in Google Android 13.0 In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. | 4.4 |
2022-12-16 | CVE-2022-20547 | Missing Authorization vulnerability in Google Android 13.0 In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. | 7.8 |
2022-12-16 | CVE-2022-20556 | Missing Authorization vulnerability in Google Android 13.0 In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. | 3.3 |
2022-12-16 | CVE-2022-20572 | Missing Authorization vulnerability in Google Android In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. | 6.7 |
2022-12-13 | CVE-2022-20240 | Missing Authorization vulnerability in Google Android 12.0 In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. | 2.3 |
2022-12-13 | CVE-2022-4223 | Missing Authorization vulnerability in multiple products The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. | 8.8 |
2022-12-13 | CVE-2022-41272 | Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50 An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. | 8.6 |
2022-12-13 | CVE-2022-41271 | Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50 An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. | 9.4 |
2022-12-12 | CVE-2022-3946 | Missing Authorization vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. | 6.5 |
2022-12-12 | CVE-2022-3999 | Missing Authorization vulnerability in Dpdgroup Woocommerce Shipping 1.2.11 The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. | 8.1 |