Vulnerabilities > Improper Authorization

DATE CVE VULNERABILITY TITLE RISK
2016-09-21 CVE-2016-7143 Improper Authorization vulnerability in multiple products
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
network
high complexity
debian charybdis-project CWE-285
8.1
2016-09-18 CVE-2016-0922 Improper Authorization vulnerability in EMC Vipr SRM 3.6.0/3.6.4/3.7.1
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.
network
low complexity
emc CWE-285
critical
9.8
2016-09-14 CVE-2016-3352 Improper Authorization vulnerability in Microsoft Windows 10, Windows 8.1 and Windows RT 8.1
Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka "Microsoft Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-285
8.8
2016-09-07 CVE-2016-6825 Improper Authorization vulnerability in Huawei products
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms."
network
low complexity
huawei CWE-285
critical
9.8
2016-08-31 CVE-2016-5676 Improper Authorization vulnerability in multiple products
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
network
low complexity
netgear nuuo CWE-285
7.5
2016-08-24 CVE-2016-5799 Improper Authorization vulnerability in Moxa Oncell G3001 Firmware and Oncell G3100V2 Firmware
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
moxa CWE-285
critical
9.8
2016-08-10 CVE-2016-5420 Improper Authorization vulnerability in multiple products
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
network
low complexity
debian haxx opensuse CWE-285
7.5
2016-07-28 CVE-2016-4531 Improper Authorization vulnerability in Rockwellautomation Factorytalk Energrymetrix 2.10.00
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
network
low complexity
rockwellautomation CWE-285
7.3
2016-07-23 CVE-2016-1711 Improper Authorization vulnerability in Google Chrome
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
google CWE-285
8.8
2016-07-23 CVE-2016-1710 Improper Authorization vulnerability in Google Chrome
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
google CWE-285
8.8