Falhas do tipo CWE-648
63 resultadosCVE-2019-14813HIGHA flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged EPSS 11.4%CVE-2024-8785CRITICALWhatsUp Gold Registry Overwrite Remote Code Execution VulnerabilityEPSS 9.5%CVE-2026-20122MEDIUMCisco Catalyst SD-WAN Manager Arbitrary File Overwrite VulnerabilityEPSS 7.0%KEVCVE-2025-54766MEDIUMKL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive InformationEPSS 6.5%CVE-2025-54765MEDIUMKL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to AdministratorEPSS 6.5%CVE-2025-54767MEDIUMKL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of ServiceEPSS 5.0%CVE-2019-1010178—Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component iEPSS 4.6%CVE-2019-14811HIGHA flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileEPSS 3.8%CVE-2025-54768MEDIUMKL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive InformationEPSS 3.7%CVE-2019-14869HIGHA flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its priviEPSS 3.4%CVE-2022-2023CRITICALIncorrect Use of Privileged APIs in polonel/trudeskEPSS 3.0%CVE-2025-54769HIGHKL-001-2025-016: Xorux LPAR2RRD File Upload Directory TraversalEPSS 2.9%CVE-2019-3838HIGHIt was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PoEPSS 2.6%CVE-2019-3835HIGHIt was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScriptEPSS 2.6%CVE-2019-14812HIGHA flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privilegEPSS 2.5%CVE-2019-10216HIGHIn ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAEPSS 2.3%CVE-2019-14817HIGHA flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privEPSS 2.0%CVE-2019-3839HIGHIt was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially EPSS 1.8%CVE-2022-20956HIGHA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker EPSS 1.3%CVE-2024-11068CRITICALD-Link DSL6740C - Incorrect Use of Privileged APIsEPSS 1.2%