CWE-276 flaws
904 results

CVE-2013-0632 | CRITICAL | administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitr | EPSS 93.7% | KEV
CVE-2023-29919 | CRITICAL | SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not | EPSS 60.2%
CVE-2021-3437 | CRITICAL | Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or den | EPSS 15.6%
CVE-2022-22948 | MEDIUM | The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administ | EPSS 13.9% | KEV
CVE-2024-57684 | CRITICAL | An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the D | EPSS 13.7%
CVE-2018-14335 | MEDIUM | An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (out | EPSS 13.4%
CVE-2024-39924 | HIGH | An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authori | EPSS 13.1%
CVE-2023-29923 | MEDIUM | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. | EPSS 9.5%
CVE-2020-7943 | — | Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may conta | EPSS 7.9%
CVE-2023-26918 | CRITICAL | Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be e | EPSS 6.1%
CVE-2023-20178 | HIGH | A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Softwar | EPSS 5.5%
CVE-2006-5014 | HIGH | Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1 | EPSS 3.8%
CVE-2022-27773 | CRITICAL | A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elev | EPSS 2.6%
CVE-2023-25355 | HIGH | CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` | EPSS 2.5%
CVE-2019-14861 | MEDIUM | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC | EPSS 2.3%
CVE-2023-40076 | MEDIUM | In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypa | EPSS 2.3%
CVE-2017-11156 | — | Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which | EPSS 2.2%
CVE-2018-8848 | — | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object | EPSS 2.0%
CVE-2024-26280 | MEDIUM | Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs) | EPSS 1.9%
CVE-2020-29491 | CRITICAL | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could pot | EPSS 1.8%