CWE-285 vulnerabilities
1,285 results

CVE-2020-24674 | HIGH | Improper Authorization in Symphony Plus | EPSS 2.9%
CVE-2019-13550 | — | In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cau | EPSS 2.8%
CVE-2026-10580 | CRITICAL | Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API | EPSS 2.8%
CVE-2019-14870 | MEDIUM | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delega | EPSS 2.8%
CVE-2018-0391 | — | A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to c | EPSS 2.7%
CVE-2017-7484 | — | It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before | EPSS 2.6%
CVE-2021-36029 | CRITICAL | Magento Commerce Improper Authorization Vulnerability Could Lead To Remote Code Execution | EPSS 2.5%
CVE-2021-37705 | CRITICAL | Improper Authorization and Origin Validation Error in OneFuzz | EPSS 2.4%
CVE-2018-15465 | HIGH | Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability | EPSS 2.4%
CVE-2021-32688 | HIGH | Application specific tokens can change their own scope | EPSS 2.3%
CVE-2020-17517 | — | Ozone S3 Gateway allows bucket and key access to non authenticated users | EPSS 2.3%
CVE-2022-0860 | HIGH | Improper Authorization in cobbler/cobbler | EPSS 2.3%
CVE-2024-36130 | CRITICAL | An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to | EPSS 2.3%
CVE-2024-43602 | CRITICAL | Azure CycleCloud Remote Code Execution Vulnerability | EPSS 2.2%
CVE-2016-7071 | HIGH | It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote | EPSS 2.2%
CVE-2018-1082 | — | A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later | EPSS 2.1%
CVE-2019-17631 | — | From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without a | EPSS 2.1%
CVE-2020-3386 | HIGH | Cisco Data Center Network Manager Improper Authorization Vulnerability | EPSS 2.0%
CVE-2015-3954 | — | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version | EPSS 2.0%
CVE-2020-3374 | CRITICAL | Cisco SD-WAN vManage Software Authorization Bypass Vulnerability | EPSS 1.9%