Flaws of type CWE-267
64 results

CVE | Severity | Description | EPSS | KEV
CVE-2025-41244 | HIGH | VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246) | EPSS 7.6% | KEV
CVE-2024-42365 | HIGH | Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan | EPSS 4.7%
CVE-2025-47811 | MEDIUM | In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. Th | EPSS 3.5%
CVE-2020-29396 | CRITICAL | A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows | EPSS 3.2%
CVE-2019-10169 | MEDIUM | A flaw was found in Keycloak's user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows a | EPSS 1.3%
CVE-2019-10170 | MEDIUM | A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw al | EPSS 1.2%
CVE-2021-32739 | HIGH | Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities | EPSS 1.1%
CVE-2020-7824 | MEDIUM | Ericssonlg iPECS Privilege Escalation Vulnerability | EPSS 1.0%
CVE-2025-53900 | MEDIUM | Kiteworks MFT has a Privilege Defined With Unsafe Actions | EPSS 1.0%
CVE-2024-55968 | HIGH | An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operat | EPSS 0.9%
CVE-2023-2983 | MEDIUM | Privilege Defined With Unsafe Actions in pimcore/pimcore | EPSS 0.9%
CVE-2025-23015 | HIGH | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions | EPSS 0.9%
CVE-2023-22647 | CRITICAL | An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate K | EPSS 0.7%
CVE-2021-44547 | HIGH | A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading t | EPSS 0.7%
CVE-2021-23166 | HIGH | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and w | EPSS 0.6%
CVE-2021-23186 | HIGH | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and | EPSS 0.6%
CVE-2023-41966 | MEDIUM | Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions | EPSS 0.6%
CVE-2026-9560 | CRITICAL | Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands w | EPSS 0.6%
CVE-2021-40354 | — | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter | EPSS 0.6%
CVE-2024-8631 | MEDIUM | Privilege Defined With Unsafe Actions in GitLab | EPSS 0.5%