Vulnerabilities > Improper Authorization

DATE CVE VULNERABILITY TITLE RISK
2017-05-02 CVE-2016-5063 Improper Authorization vulnerability in BMC Server Automation
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.
network
low complexity
bmc CWE-285
5.0
2017-04-02 CVE-2016-8776 Improper Authorization vulnerability in Huawei P9 Firmware and P9 Lite Firmware
Huawei P9 phones with software EVA-AL10C00, EVA-CL10C00, EVA-DL10C00, EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.
local
low complexity
huawei CWE-285
2.1
2017-03-28 CVE-2016-9464 Improper Authorization vulnerability in Nextcloud Server
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares.
network
low complexity
nextcloud CWE-285
4.0
2017-02-20 CVE-2016-7651 Improper Authorization vulnerability in Apple iPhone OS and watchOS
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-285
4.6
2017-01-12 CVE-2016-8443 Improper Authorization vulnerability in Linux Kernel 3.18
Possible unauthorized memory access in the hypervisor.
local
low complexity
linux CWE-285
7.2
2016-12-26 CVE-2016-9217 Improper Authorization vulnerability in Cisco Intercloud Fabric 2.2.1Base/2.3.1Base/3.1.1Base
A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products.
network
low complexity
cisco CWE-285
6.5
2016-12-12 CVE-2016-9938 Improper Authorization vulnerability in Digium Asterisk and Certified Asterisk
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4.
network
low complexity
digium CWE-285
5.0
2016-11-25 CVE-2016-5788 Improper Authorization vulnerability in GE products
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.
network
low complexity
ge CWE-285
critical
10.0
2016-10-16 CVE-2016-7097 Improper Authorization vulnerability in Linux Kernel
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
local
low complexity
linux CWE-285
4.4
2016-10-06 CVE-2015-1000007 Improper Authorization vulnerability in Wptf-Image-Gallery Project Wptf-Image-Gallery 1.03
Remote file download vulnerability in wptf-image-gallery v1.03
network
low complexity
wptf-image-gallery-project CWE-285
5.0