Vulnerabilities of type CWE-20
4583 results

| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2023-28130 | HIGH | Local user may lead to privilege escalation using Gaia Portal hostnames page. | 21.4% | |
| CVE-2023-36563 | MEDIUM | Microsoft WordPad Information Disclosure Vulnerability | 20.9% | KEV |
| CVE-2023-24329 | HIGH | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that start | 20.5% | |
| CVE-2019-15606 | — | Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value compariso | 20.0% | |
| CVE-2023-36761 | MEDIUM | Microsoft Word Information Disclosure Vulnerability | 19.0% | KEV |
| CVE-2018-0147 | CRITICAL | A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthe | 18.6% | KEV |
| CVE-2024-23469 | CRITICAL | SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability | 17.9% | |
| CVE-2016-9587 | MEDIUM | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. A | 17.9% | |
| CVE-2018-0301 | — | A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the manag | 17.7% | |
| CVE-2022-21820 | MEDIUM | NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may | 17.0% | |
| CVE-2014-0207 | MEDIUM | The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5 | 16.9% | |
| CVE-2018-0472 | — | Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability | 16.2% | |
| CVE-2023-4481 | HIGH | Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481) | 15.1% | |
| CVE-2023-23560 | CRITICAL | In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. | 15.0% | |
| CVE-2019-7193 | CRITICAL | This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP | 14.4% | KEV |
| CVE-2018-1058 | — | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account cou | 14.1% | |
| CVE-2020-3387 | HIGH | Cisco SD-WAN vManage Software Remote Code Execution Vulnerability | 14.1% | |
| CVE-2026-41268 | HIGH | Flowise: Flowise Parameter Override Bypass Remote Command Execution | 13.8% | |
| CVE-2017-12240 | CRITICAL | The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticat | 13.5% | KEV |
| CVE-2023-21434 | MEDIUM | Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching | 12.9% | |