Flaws of type CWE-281
210 results

CVE-2017-8543 | CRITICAL | Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Win | EPSS 73.8% | KEV
CVE-2022-1227 | — | A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this i | EPSS 4.2%
CVE-2023-34034 | CRITICAL | Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Sp | EPSS 3.5%
CVE-2020-8913 | HIGH | Local arbitrary code execution in splitinstall in Android's Play Core | EPSS 2.9%
CVE-2021-41091 | MEDIUM | Insufficiently restricted permissions on data directory in Docker Engine | EPSS 2.7%
CVE-2024-46310 | CRITICAL | Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via expose | EPSS 2.4%
CVE-2021-45008 | HIGH | Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the | EPSS 1.9%
CVE-2021-43816 | HIGH | Improper Preservation of Permissions in containerd | EPSS 1.7%
CVE-2022-38577 | HIGH | ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to e | EPSS 1.6%
CVE-2020-7063 | MEDIUM | Files added to tar with Phar::buildFromIterator have all-access permissions | EPSS 1.6%
CVE-2024-29735 | MEDIUM | Apache Airflow: Potentially harmful permission changing by log task handler | EPSS 1.5%
CVE-2024-28746 | HIGH | Apache Airflow: Ignored Airflow Permissions | EPSS 1.3%
CVE-2023-47463 | CRITICAL | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a cra | EPSS 1.3%
CVE-2020-36070 | CRITICAL | Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php fi | EPSS 1.1%
CVE-2021-3495 | — | An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker w | EPSS 1.0%
CVE-2023-25812 | MEDIUM | Allowed DELETE on resources on object locked buckets under Governance mode in Minio | EPSS 1.0%
CVE-2020-18329 | HIGH | An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unau | EPSS 0.9%
CVE-2024-54879 | CRITICAL | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members i | EPSS 0.9%
CVE-2024-54880 | CRITICAL | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts | EPSS 0.9%
CVE-2024-54465 | CRITICAL | A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privile | EPSS 0.9%