Fallos del tipo CWE-284

4459 resultados
CVE-2023-2112LOWDesktop component allows lateral movement between sessionsEPSS 0.2%CVE-2025-43337MEDIUMAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26. An app may EPSS 0.2%CVE-2025-11634LOWTomofun Furbo 360/Furbo Mini UART information disclosureEPSS 0.2%CVE-2024-49600HIGHDell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local accEPSS 0.2%CVE-2023-28715MEDIUMImproper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated usEPSS 0.2%CVE-2025-59308MEDIUMIn Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site EPSS 0.2%CVE-2026-41243MEDIUMOpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabledEPSS 0.2%CVE-2022-41784HIGHImproper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentEPSS 0.2%CVE-2025-43369MEDIUMThis issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected uEPSS 0.2%CVE-2022-41659LOWImproper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.EPSS 0.2%CVE-2026-34323MEDIUMVulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: IDM Authentication). Supported verEPSS 0.2%CVE-2024-33393MEDIUMAn issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the toEPSS 0.2%CVE-2025-43418MEDIUMThis issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 anEPSS 0.2%CVE-2026-11252MEDIUMInsufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionarEPSS 0.2%CVE-2023-20260MEDIUMA vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticEPSS 0.2%CVE-2024-41934MEDIUMImproper access control in some Intel(R) GPA software before version 2024.3 may allow an authenticated user to potentially enable denial of EPSS 0.2%CVE-2026-11274MEDIUMInappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation EPSS 0.2%CVE-2025-44525MEDIUMTexas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on criEPSS 0.2%CVE-2026-34294MEDIUMVulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Microsoft Active Directory). The suEPSS 0.2%CVE-2024-41926LOWMalicious remote can claim that a user was synced from another remoteEPSS 0.2%