CWE-250 vulnerabilities

328 results
CVE-2024-45034 [HIGH] Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes (EPSS 1.7%)
CVE-2020-14493 [HIGH] OpenClinic GA (EPSS 1.7%)
CVE-2024-43651 [CRITICAL] Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station (EPSS 1.7%)
CVE-2024-25421 [CRITICAL] An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. (EPSS 1.7%)
CVE-2022-1517 [CRITICAL] 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250 (EPSS 1.6%)
CVE-2024-43650 [CRITICAL] Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station (EPSS 1.6%)
CVE-2023-52030 [CRITICAL] TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg functio (EPSS 1.5%)
CVE-2023-2002 A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kerne (EPSS 1.5%)
CVE-2024-6913 [CRITICAL] Execution with Unnecessary Privileges (EPSS 1.4%)
CVE-2024-43583 [HIGH] Winlogon Elevation of Privilege Vulnerability (EPSS 1.3%)
CVE-2020-14386 [MEDIUM] A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. (EPSS 1.3%)
CVE-2018-5413 Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privil (EPSS 1.3%)
CVE-2024-42024 [CRITICAL] A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on (EPSS 1.3%)
CVE-2024-43655 [CRITICAL] Any authenticated users can execute OS commands as root using the <redacted>.sh CGI script. (EPSS 1.2%)
CVE-2023-4662 [CRITICAL] RCE in Saphira Connect (EPSS 1.2%)
CVE-2024-35154 [HIGH] IBM WebSphere Application Server code execution (EPSS 1.2%)
CVE-2020-2023 [LOW] Kata Containers - Containers have access to the guest root filesystem device (EPSS 1.1%)
CVE-2018-10892 [MEDIUM] The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allo (EPSS 1.1%)
CVE-2021-37174 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDC (EPSS 1.1%)
CVE-2024-27143 [CRITICAL] Pre-authenticated Remote Code Execution (EPSS 1.1%)