Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2017-11-22 CVE-2017-8216 Incorrect Authorization vulnerability in Huawei P10 Lite Firmware Warsawal00C00B180
Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability.
local
low complexity
huawei CWE-863
5.5
2017-11-22 CVE-2017-8196 Incorrect Authorization vulnerability in Huawei Fusionsphere V100R006C00Spc102(Nfv)
FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability.
local
low complexity
huawei CWE-863
4.2
2017-11-22 CVE-2017-8192 Incorrect Authorization vulnerability in Huawei Fusionsphere Openstack V100R006C00
FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability.
local
low complexity
huawei CWE-863
7.8
2017-11-14 CVE-2017-3891 Incorrect Authorization vulnerability in Blackberry QNX Software Development Platform 6.6.0
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.
network
high complexity
blackberry CWE-863
8.1
2017-11-02 CVE-2017-12261 Incorrect Authorization vulnerability in Cisco products
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges.
local
low complexity
cisco CWE-863
7.8
2017-10-27 CVE-2017-5060 Incorrect Authorization vulnerability in multiple products
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network
low complexity
google redhat CWE-863
6.5
2017-10-19 CVE-2017-10379 Incorrect Authorization vulnerability in multiple products
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs).
network
low complexity
oracle mariadb debian redhat netapp CWE-863
6.5
2017-08-14 CVE-2017-9653 Incorrect Authorization vulnerability in Osisoft products
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017.
network
low complexity
osisoft CWE-863
critical
9.8
2017-08-10 CVE-2016-6797 Incorrect Authorization vulnerability in multiple products
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.
network
low complexity
apache oracle debian netapp canonical redhat CWE-863
7.5
2017-08-08 CVE-2017-8633 Incorrect Authorization vulnerability in Microsoft products
Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability".
network
high complexity
microsoft CWE-863
7.5