CWE-200 flaws

3,859 results
CVE | Severity | Description | EPSS | KEV
CVE-2024-24919 | HIGH | Information disclosure | 100.0% | KEV
CVE-2021-34429 | MEDIUM | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the con | 99.3% | -
CVE-2021-41277 | CRITICAL | GeoJSON URL validation can expose server files and environment variables to unauthorized users | 96.9% | KEV
CVE-2016-2183 | HIGH | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of appr | 95.7% | -
CVE-2021-27850 | - | Bypass of the fix for CVE-2019-0195 | 94.1% | -
CVE-2022-44268 | MEDIUM | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have | 89.9% | -
CVE-2016-6210 | MEDIUM | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the us | 88.9% | -
CVE-2016-6415 | HIGH | The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5 | 87.7% | KEV
CVE-2017-5754 | MEDIUM | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information | 84.2% | -
CVE-2023-28432 | HIGH | Minio Information Disclosure in Cluster Deployment | 84.0% | KEV
CVE-2023-50719 | HIGH | XWiki Platform Solr search discloses password hashes of all users | 83.5% | -
CVE-2021-28164 | MEDIUM | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segm | 82.4% | -
CVE-2018-0127 | - | A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allo | 79.3% | -
CVE-2025-30208 | MEDIUM | Vite bypasses server.fs.deny when using `?raw??` | 78.6% | -
CVE-2021-28169 | MEDIUM | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to a | 78.5% | -
CVE-2023-49103 | CRITICAL | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party Ge | 78.4% | KEV
CVE-2021-22145 | - | A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitr | 76.2% | -
CVE-2025-11749 | CRITICAL | AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation | 75.3% | -
CVE-2021-39327 | MEDIUM | BulletProof Security <= 5.1 Sensitive Information Disclosure | 72.3% | -
CVE-2020-3259 | HIGH | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability | 71.8% | KEV