CWE-276 flaws
904 results

CVE-2023-27035 | MEDIUM | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified | EPSS 1.8%
CVE-2020-29492 | CRITICAL | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could pot | EPSS 1.7%
CVE-2023-23583 | HIGH | Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially | EPSS 1.7%
CVE-2020-24402 | MEDIUM | Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API | EPSS 1.7%
CVE-2024-28056 | CRITICAL | Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the A | EPSS 1.7%
CVE-2018-10604 | — | SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting | EPSS 1.6%
CVE-2019-3689 | MEDIUM | nfs-utils: root-owned files stored in insecure /var/lib/nfs directory | EPSS 1.5%
CVE-2018-10605 | — | Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take th | EPSS 1.5%
CVE-2023-23059 | CRITICAL | An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default i | EPSS 1.5%
CVE-2023-45690 | — | Information leak via default file permissions on Titan MFT and Titan SFTP servers | EPSS 1.5%
CVE-2022-27649 | — | A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby | EPSS 1.4%
CVE-2022-45924 | HIGH | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privi | EPSS 1.4%
CVE-2018-13287 | MEDIUM | Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticate | EPSS 1.3%
CVE-2018-13286 | MEDIUM | Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenti | EPSS 1.3%
CVE-2024-55215 | CRITICAL | An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. | EPSS 1.3%
CVE-2022-0336 | — | The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those alread | EPSS 1.3%
CVE-2024-27144 | CRITICAL | Pre-authenticated Remote Code Execution | EPSS 1.2%
CVE-2021-21957 | HIGH | A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A speciall | EPSS 1.2%
CVE-2023-48648 | CRITICAL | Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. Fil | EPSS 1.2%
CVE-2022-27651 | — | A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker En | EPSS 1.2%