CWE-358 vulnerabilities
105 results

CVE-2024-7965 | HIGH | EPSS 17.2% | KEV
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption

CVE-2024-2174 | HIGH | EPSS 12.6%
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption

CVE-2019-6742 | CRITICAL | EPSS 5.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Aut

CVE-2018-0268 | — | EPSS 5.4%
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, rem

CVE-2020-25686 | — | EPSS 4.9%
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same

CVE-2020-25684 | — | EPSS 4.1%
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query()

CVE-2017-15107 | — | EPSS 2.7%
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be im

CVE-2017-15105 | — | EPSS 2.7%
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record c

CVE-2018-16860 | HIGH | EPSS 2.5%
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up t

CVE-2016-8614 | MEDIUM | EPSS 2.5%
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to

CVE-2018-16857 | HIGH | EPSS 2.3%
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of pa

CVE-2017-2611 | MEDIUM | EPSS 2.1%
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /work

CVE-2016-8635 | MEDIUM | EPSS 2.0%
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker

CVE-2021-3448 | MEDIUM | EPSS 2.0%
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a

CVE-2017-12303 | — | EPSS 1.6%
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (

CVE-2022-25152 | CRITICAL | EPSS 1.6%
ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals

CVE-2017-2612 | MEDIUM | EPSS 1.6%
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in futu

CVE-2019-3894 | MEDIUM | EPSS 1.5%
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run th

CVE-2019-3806 | MEDIUM | EPSS 1.5%
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received

CVE-2017-2604 | MEDIUM | EPSS 1.4%
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently p