Flaws of type CWE-284
4370 results

CVE-2023-1647 | HIGH | Improper Access Control in calcom/cal.com | EPSS 0.8%
CVE-2021-41298 | HIGH | ECOA BAS controller - Improper Access Control | EPSS 0.8%
CVE-2024-28960 | HIGH | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles | EPSS 0.8%
CVE-2024-25501 | HIGH | An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter. | EPSS 0.8%
CVE-2024-20969 | MEDIUM | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and pri | EPSS 0.8%
CVE-2021-23845 | HIGH | B426 Web Configuration Authentication Bypass | EPSS 0.8%
CVE-2023-49978 | HIGH | Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions res | EPSS 0.8%
CVE-2022-32257 | CRITICAL | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web servic | EPSS 0.8%
CVE-2025-27649 | CRITICAL | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-202 | EPSS 0.8%
CVE-2025-0650 | HIGH | Ovn: egress acls may be bypassed via specially crafted udp packet | EPSS 0.8%
CVE-2021-25320 | CRITICAL | Rancher: Cloud credentials can be used through proxy API by users without access | EPSS 0.8%
CVE-2025-27646 | CRITICAL | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-0 | EPSS 0.8%
CVE-2026-44007 | CRITICAL | vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution | EPSS 0.8%
CVE-2019-13919 | — | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by | EPSS 0.8%
CVE-2026-1933 | HIGH | Samba: missing access check on reparse point operations | EPSS 0.8%
CVE-2022-4724 | HIGH | Improper Access Control in ikus060/rdiffweb | EPSS 0.8%
CVE-2023-21980 | HIGH | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and | EPSS 0.8%
CVE-2023-0451 | HIGH | Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and confi | EPSS 0.8%
CVE-2023-28808 | CRITICAL | Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. Th | EPSS 0.8%
CVE-2023-43336 | — | Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modif | EPSS 0.8%