Fallos del tipo CWE-276

905 resultados
CVE-2017-3209The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous userEPSS 1.2%CVE-2023-4091MEDIUMSamba: smb clients can truncate files with read-only permissionsEPSS 1.2%CVE-2026-24780HIGHAutoGPT is Vulnerable to RCE via Disabled Block ExecutionEPSS 1.1%CVE-2022-30759HIGHIn Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root priviEPSS 1.1%CVE-2022-27650A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (DoEPSS 1.1%CVE-2024-38222MEDIUMMicrosoft Edge (Chromium-based) Information Disclosure VulnerabilityEPSS 1.1%CVE-2022-44929CRITICALAn access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SEPSS 1.1%CVE-2022-32743Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.EPSS 1.1%CVE-2023-38335Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed tEPSS 1.1%CVE-2022-34824CRITICALWeak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLEPSS 1.1%CVE-2023-27195CRITICALTrimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration EPSS 1.0%CVE-2025-24238CRITICALA logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, EPSS 1.0%CVE-2022-25899CRITICALAuthentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthentiEPSS 1.0%CVE-2022-45562HIGHInsecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdooEPSS 1.0%CVE-2023-33282CRITICALMarval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valEPSS 1.0%CVE-2020-5353HIGHThe Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (EPSS 1.0%CVE-2020-10279CRITICALRVD#2569: Insecure operating system defaults in MiR robotsEPSS 1.0%CVE-2025-6264MEDIUMVelociraptor priviledge escalation via UpdateConfig artifactEPSS 1.0%CVE-2025-4660HIGHRemote Code Execution in Windows Secure Connector/ HPS Inspection Engine via Insecure Named Pipe AccessEPSS 1.0%CVE-2025-30465CRITICALA permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, EPSS 0.9%