Weaknesses of type CWE-863

2,080 results
CVE-2024-56431 (CRITICAL): oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by th [EPSS 1.8%]
CVE-2021-41571: Pulsar Admin API allows access to data from other tenants using getMessageById API [EPSS 1.8%]
CVE-2021-36039 (MEDIUM): Magento Commerce `quoteId` parameter Incorrect Authorization Vulnerability Could Lead To Information Disclosure [EPSS 1.7%]
CVE-2023-21719 (MEDIUM): Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability [EPSS 1.7%]
CVE-2024-28098 (MEDIUM): Apache Pulsar: Improper Authorization For Topic-Level Policy Management [EPSS 1.7%]
CVE-2020-15246 (HIGH): Local File Inclusion by unauthenticated users [EPSS 1.7%]
CVE-2017-8907 (HIGH): Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permiss [EPSS 1.6%]
CVE-2020-36238: The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from v [EPSS 1.6%]
CVE-2020-25699: In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles wit [EPSS 1.6%]
CVE-2017-7505: Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assig [EPSS 1.6%]
CVE-2017-9855 (CRITICAL): An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guar [EPSS 1.6%]
CVE-2020-25722: Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw [EPSS 1.6%]
CVE-2022-0594: Shareaholic < 9.7.6 - Information Disclosure [EPSS 1.5%]
CVE-2017-12197: It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password [EPSS 1.5%]
CVE-2023-23594 (CRITICAL): An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides rem [EPSS 1.5%]
CVE-2023-47037: Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access) [EPSS 1.5%]
CVE-2024-21287 (HIGH): Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). T [EPSS 1.5%] [KEV]
CVE-2022-30203 (HIGH): Windows Boot Manager Security Feature Bypass Vulnerability [EPSS 1.5%]
CVE-2021-20229: A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query [EPSS 1.5%]
CVE-2023-30771 (CRITICAL): Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench [EPSS 1.4%]