Fallos del tipo CWE-276
905 resultadosCVE-2023-29731HIGHSoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can lEPSS 0.8%CVE-2024-55959CRITICALNorthern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.EPSS 0.8%CVE-2023-22651CRITICALImproper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admissioEPSS 0.8%CVE-2023-38334—Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it shoEPSS 0.8%CVE-2021-34164HIGHPermissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in EPSS 0.8%CVE-2020-27228HIGHAn incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary canEPSS 0.8%CVE-2024-46054CRITICALOpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upEPSS 0.8%CVE-2022-40187HIGHForesight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP portEPSS 0.8%CVE-2023-27647HIGHAn issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the cEPSS 0.7%CVE-2023-1809HIGHDownload Manager Pro < 6.3.0 - Unauthenticated Sensitive Information DisclosureEPSS 0.7%CVE-2019-20457CRITICALAn issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authenEPSS 0.7%CVE-2022-42130MEDIUMThe Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3EPSS 0.7%CVE-2023-35080HIGHA vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploiEPSS 0.7%CVE-2021-3579HIGHIncorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exeEPSS 0.7%CVE-2023-38370HIGHIBM Security Access Manager Docker information disclosureEPSS 0.7%CVE-2022-25943—The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the servEPSS 0.7%CVE-2024-22889MEDIUMDue to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crEPSS 0.7%CVE-2022-48199HIGHSoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privilegeEPSS 0.7%CVE-2024-57604CRITICALAn issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.EPSS 0.7%CVE-2020-13535CRITICALA privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwriteEPSS 0.7%