Flaws of type CWE-732
686 results

CVE-2023-32986 (HIGH, EPSS 63.1%): Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File
CVE-2018-13374 (MEDIUM, EPSS 38.1%, KEV): A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obt
CVE-2022-22960 (HIGH, EPSS 37.2%, KEV): VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissio
CVE-2019-15752 (HIGH, EPSS 29.6%, KEV): Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.ex
CVE-2010-0488 (MEDIUM, EPSS 29.2%): Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers
CVE-2022-43773 (HIGH, EPSS 22.2%): Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource
CVE-2026-21902 (CRITICAL, EPSS 17.7%): Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root
CVE-2021-22921 (—, EPSS 7.4%): Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platform
CVE-2021-31475 (HIGH, EPSS 6.5%): This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF
CVE-2020-10883 (MEDIUM, EPSS 5.9%): This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750
CVE-2023-28133 (—, EPSS 5.7%): Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
CVE-2024-42449 (HIGH, EPSS 5.4%): From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbi
CVE-2023-2478 (CRITICAL, EPSS 5.0%): An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 befor
CVE-2023-31874 (HIGH, EPSS 4.9%): Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').
CVE-2018-1115 (MEDIUM, EPSS 4.0%): postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow
CVE-2021-37304 (HIGH, EPSS 4.0%): An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive inf
CVE-2021-37305 (HIGH, EPSS 3.5%): An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive informa
CVE-2017-15906 (MEDIUM, EPSS 3.4%): The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows a
CVE-2026-24291 (HIGH, EPSS 3.2%): Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability
CVE-2023-50292 (HIGH, EPSS 3.0%): Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users