Flaws of type CWE-280
144 results

CVE-2024-24116 | CRITICAL | An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. | EPSS 24.1%
CVE-2026-20817 | HIGH | Windows Error Reporting Service Elevation of Privilege Vulnerability | EPSS 5.3%
CVE-2020-8219 | — | An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a ful | EPSS 2.2%
CVE-2012-4550 | MEDIUM | Jboss enterprise application platform: jboss eap: jbeap: jboss enterprise application platform: unauthorized ejb access via authorization module bypass | EPSS 2.1%
CVE-2020-26195 | MEDIUM | Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directo | EPSS 1.8%
CVE-2019-6570 | — | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, | EPSS 1.4%
CVE-2021-38312 | HIGH | Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion | EPSS 1.3%
CVE-2023-42931 | HIGH | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A proce | EPSS 1.2%
CVE-2019-13415 | — | Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data | EPSS 1.0%
CVE-2026-2340 | MEDIUM | Samba: vfs_worm does not block directory modification | EPSS 0.9%
CVE-2025-29826 | HIGH | Microsoft Dataverse Elevation of Privilege Vulnerability | EPSS 0.8%
CVE-2020-29031 | HIGH | Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation | EPSS 0.7%
CVE-2023-22737 | MEDIUM | wire-server vulnerable to unauthorized removal of Bots from Conversations | EPSS 0.7%
CVE-2021-37175 | — | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDC | EPSS 0.7%
CVE-2020-8117 | — | Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | EPSS 0.7%
CVE-2024-29748 | HIGH | there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional exe | EPSS 0.7% | KEV
CVE-2022-4863 | HIGH | Improper Handling of Insufficient Permissions or Privileges in usememos/memos | EPSS 0.7%
CVE-2024-25108 | CRITICAL | Insufficient authorization allowing elevated access to resources in pixelfed | EPSS 0.7%
CVE-2022-2193 | HIGH | Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 aut | EPSS 0.7%
CVE-2023-27087 | HIGH | Permissions vulnerability found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageL | EPSS 0.6%