Fallos del tipo CWE-284

4356 resultados
CVE-2025-33056HIGHWindows Local Security Authority (LSA) Denial of Service VulnerabilityEPSS 1.4%CVE-2019-3942Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can usEPSS 1.4%CVE-2020-12493CRITICALCritical Vulnerability in SWARCO CPU LS4000EPSS 1.4%CVE-2018-15631MEDIUMImproper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticaEPSS 1.4%CVE-2019-6140A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybEPSS 1.4%CVE-2019-5487An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with ElasEPSS 1.4%CVE-2019-7475A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to accessEPSS 1.4%CVE-2025-47962HIGHWindows SDK Elevation of Privilege VulnerabilityEPSS 1.4%CVE-2023-50783Apache Airflow: Improper access control vulnerability on the "varimport" endpointEPSS 1.4%CVE-2021-40112CRITICALCisco Catalyst PON Series Switches Optical Network Terminal VulnerabilitiesEPSS 1.4%CVE-2025-0481MEDIUMD-Link DIR-878 HTTP POST Request dllog.cgi information disclosureEPSS 1.4%CVE-2022-32158CRITICALSplunk Enterprise deployment servers allow client publishing of forwarder bundlesEPSS 1.4%CVE-2023-45209MEDIUMAn information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.EPSS 1.4%CVE-2025-33072HIGHMicrosoft msagsfeedback.azurewebsites.net Information Disclosure VulnerabilityEPSS 1.4%CVE-2025-55749HIGHThe XWiki Jetty package (XJetty) allows accessing any application file through URLEPSS 1.4%CVE-2022-21706HIGHMulti-use invitations can grant access to other organizations in ZulipEPSS 1.4%CVE-2020-25701If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would eEPSS 1.4%CVE-2019-7476A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. ThiEPSS 1.4%CVE-2020-3482MEDIUMCisco Expressway Software Unauthorized Access Information Disclosure VulnerabilityEPSS 1.4%CVE-2026-4180MEDIUMD-Link DIR-816 goahead redirect.asp access controlEPSS 1.4%