Flaws of type CWE-863

2080 results
CVE-2025-34273 | HIGH | Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion | EPSS 0.9%
CVE-2019-3848 | MEDIUM | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event info | EPSS 0.9%
CVE-2023-25547 | HIGH | A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker | EPSS 0.9%
CVE-2025-24233 | CRITICAL | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventur | EPSS 0.9%
CVE-2022-39958 | HIGH | Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range | EPSS 0.9%
CVE-2022-39956 | HIGH | Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header | EPSS 0.9%
CVE-2023-27954 | MEDIUM | The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iO | EPSS 0.9%
CVE-2022-0670 | A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire f | EPSS 0.9%
CVE-2022-42351 | MEDIUM | AEM Incorrect Authorization Security feature bypass | EPSS 0.9%
CVE-2023-22248 | HIGH | Adobe Commerce Incorrect Authorization Security feature bypass | EPSS 0.9%
CVE-2021-24851 | Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access | EPSS 0.9%
CVE-2018-8927 | MEDIUM | Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary e | EPSS 0.9%
CVE-2023-41314 | Apache Doris: Missing API authentication allowed DoS | EPSS 0.9%
CVE-2024-27312 | HIGH | Authorization vulnerability in PAM360 | EPSS 0.9%
CVE-2023-35165 | MEDIUM | AWS CDK EKS overly permissive trust policies | EPSS 0.9%
CVE-2024-41140 | HIGH | Improper Authorization | EPSS 0.9%
CVE-2020-5239 | HIGH | Unspecified vulnerability in the fetchmail script in Mailu | EPSS 0.9%
CVE-2020-15110 | MEDIUM | Possible pod name collisions in jupyterhub-kubespawner | EPSS 0.9%
CVE-2023-22067 | MEDIUM | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions tha | EPSS 0.9%
CVE-2023-24029 | HIGH | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface d | EPSS 0.9%