Flaws of type CWE-20
4583 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2020-7070 | MEDIUM | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | 5.0% |
| CVE-2018-1061 | MEDIUM | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK me | 5.0% |
| CVE-2024-7340 | HIGH | W&B Weave server remote arbitrary file leak and privilege escalation | 5.0% |
| CVE-2020-3218 | HIGH | Cisco IOS XE Software Web UI Remote Code Execution Vulnerability | 4.9% |
| CVE-2020-6962 | — | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X | 4.9% |
| CVE-2016-10555 | — | Since "algorithm" isn't enforced in jwt.decode() in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent t | 4.9% |
| CVE-2018-14644 | MEDIUM | An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type lik | 4.8% |
| CVE-2018-10916 | MEDIUM | It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integr | 4.8% |
| CVE-2014-2532 | MEDIUM | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass in | 4.8% |
| CVE-2016-8612 | — | Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in th | 4.7% |
| CVE-2023-21607 | HIGH | Adobe Acrobat Reader Improper Input Validation Remote Code Execution Vulnerability | 4.7% |
| CVE-2017-2669 | LOW | Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the use | 4.6% |
| CVE-2019-1845 | HIGH | Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability | 4.6% |
| CVE-2022-25167 | — | Apache Flume vulnerable to a JNDI RCE in JMSSource | 4.6% |
| CVE-2017-7481 | MEDIUM | Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results | 4.6% |
| CVE-2018-0231 | — | A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat | 4.6% |
| CVE-2018-0279 | — | A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticate | 4.6% |
| CVE-2025-66959 | HIGH | An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder | 4.5% |
| CVE-2022-40773 | HIGH | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows | 4.5% |
| CVE-2016-7069 | MEDIUM | An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist | 4.5% |