Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-27 | CVE-2017-1628 | Incorrect Authorization vulnerability in IBM Business Process Manager 8.6.0.0 IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | 4.0 |
2017-11-22 | CVE-2017-8216 | Incorrect Authorization vulnerability in Huawei P10 Lite Firmware Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. | 7.1 |
2017-11-22 | CVE-2017-8196 | Incorrect Authorization vulnerability in Huawei Fusionsphere V100R006C00Spc102(Nfv) FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. | 4.6 |
2017-11-22 | CVE-2017-8192 | Incorrect Authorization vulnerability in Huawei Fusionsphere Openstack V100R006C00 FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. | 4.6 |
2017-11-14 | CVE-2017-3891 | Incorrect Authorization vulnerability in Blackberry QNX Software Development Platform 6.6.0 In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node. | 6.8 |
2017-11-02 | CVE-2017-12261 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. | 7.2 |
2017-10-27 | CVE-2017-5060 | Incorrect Authorization vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |
2017-10-19 | CVE-2017-10379 | Incorrect Authorization vulnerability in multiple products Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). | 4.0 |
2017-08-14 | CVE-2017-9653 | Incorrect Authorization vulnerability in Osisoft products An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. | 7.5 |
2017-08-10 | CVE-2016-6797 | Incorrect Authorization vulnerability in multiple products The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. | 7.5 |