Falhas do tipo CWE-284

4.460 resultados
CVE-2025-60982MEDIUMIDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected EPSS 0.2%CVE-2022-39889MEDIUMImproper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to accessEPSS 0.2%CVE-2023-28396MEDIUMImproper access control in firmware for some Intel(R) Thunderbol(TM) Controllers versions before 41 may allow a privileged user to enable deEPSS 0.2%CVE-2022-41261MEDIUMSAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensiEPSS 0.2%CVE-2023-31019HIGHCVEEPSS 0.2%CVE-2026-41847MEDIUMSpring Framework Security Filter Bypass in WebFlux Kotlin Router DSLEPSS 0.2%CVE-2021-43986MEDIUMICSA-22-109-03 FANUC ROBOGUIDE Simulation PlatformEPSS 0.2%CVE-2025-20076LOWImproper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentialEPSS 0.2%CVE-2023-42957LOWA permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. AnEPSS 0.2%CVE-2026-11190MEDIUMInappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malEPSS 0.2%CVE-2024-54565MEDIUMThe issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data.EPSS 0.2%CVE-2024-54559MEDIUMThe issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data.EPSS 0.2%CVE-2026-35244MEDIUMVulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supportedEPSS 0.2%CVE-2022-38388MEDIUMIBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access controlEPSS 0.2%CVE-2023-20579MEDIUMImproper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections EPSS 0.2%CVE-2023-3039HIGH SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentiallyEPSS 0.2%CVE-2024-41605HIGHIn Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a TrojanEPSS 0.2%CVE-2023-43079HIGH Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privilegeEPSS 0.2%CVE-2025-61761MEDIUMVulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). TheEPSS 0.2%CVE-2022-41769MEDIUMImproper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enaEPSS 0.2%