Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-07-16 | CVE-2021-34466 | Incorrect Authorization vulnerability in Microsoft Windows 10 | Windows Hello Security Feature Bypass Vulnerability | local | low complexity | microsoft | CWE-863 | 3.6 |
| 2021-07-14 | CVE-2021-33786 | Incorrect Authorization vulnerability in Microsoft products | Windows LSA Security Feature Bypass Vulnerability | network | low complexity | microsoft | CWE-863 | 6.5 |
| 2021-07-14 | CVE-2021-34469 | Incorrect Authorization vulnerability in Microsoft 365 Apps and Office | Microsoft Office Security Feature Bypass Vulnerability | network | | microsoft | CWE-863 | 5.8 |
| 2021-07-13 | CVE-2021-36124 | Incorrect Authorization vulnerability in Echobh Sharecare 8.15.5 | An issue was discovered in Echo ShareCare 8.15.5. | network | low complexity | echobh | CWE-863 | 7.5 |
| 2021-07-13 | CVE-2021-33718 | | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). | | | | | 0.0 |
| 2021-07-12 | CVE-2021-36383 | Incorrect Authorization vulnerability in Xen-Orchestra Xo-Server and Xo-Web | Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. | network | low complexity | xen-orchestra | CWE-863 | 4.0 |
| 2021-07-12 | CVE-2021-22515 | Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication | Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | network | low complexity | microfocus | CWE-863 | 4.0 |
| 2021-07-09 | CVE-2021-30120 | Incorrect Authorization vulnerability in Kaseya VSA | Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requirement. | network | low complexity | kaseya | CWE-863 | 5.0 |
| 2021-07-08 | CVE-2021-25431 | Incorrect Authorization vulnerability in Samsung Cameralyzer 3.2.0/3.3.0/3.4.0 | Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer. | local | low complexity | samsung | CWE-863 | 2.1 |
| 2021-07-08 | CVE-2021-25433 | Incorrect Authorization vulnerability in Linux Tizen | Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal. | local | low complexity | linux | CWE-863 | 2.1 |