Weaknesses of type CWE-732

690 results
| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2020-12041 | | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on t | 1.4% |
| CVE-2024-28955 | MEDIUM | Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine t | 1.3% |
| CVE-2022-22941 | HIGH | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publishe | 1.3% |
| CVE-2019-14824 | MEDIUM | A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some config | 1.3% |
| CVE-2022-0277 | MEDIUM | Incorrect Permission Assignment for Critical Resource in microweber/microweber | 1.3% |
| CVE-2023-24205 | CRITICAL | Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the conf | 1.3% |
| CVE-2017-2590 | HIGH | A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions | 1.3% |
| CVE-2019-13321 | MEDIUM | This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0. | 1.2% |
| CVE-2022-21694 | LOW | OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website | 1.2% |
| CVE-2020-5369 | HIGH | Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. A | 1.2% |
| CVE-2023-32005 | MEDIUM | A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read fla | 1.2% |
| CVE-2023-31453 | HIGH | Apache InLong: IDOR make users can delete others' subscription | 1.2% |
| CVE-2023-31454 | HIGH | Apache InLong: IDOR make users can bind any cluster | 1.2% |
| CVE-2021-22669 | | Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and pr | 1.2% |
| CVE-2020-5371 | HIGH | Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker | 1.2% |
| CVE-2019-3765 | HIGH | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2. | 1.1% |
| CVE-2023-34981 | HIGH | Apache Tomcat: AJP response header mix-up | 1.1% |
| CVE-2022-37435 | | Apache ShenYu Admin Improper Privilege Management | 1.1% |
| CVE-2020-25191 | | Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a functi | 1.1% |
| CVE-2021-25318 | HIGH | rancher: API group not properly specified when creating Kubernetes RBAC resources | 1.1% |