Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CVEs (717)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49344 1Ubuntubudgie 1Budgie Extras Nov 21, 2024 Dec 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local acces...Show more Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.Show less
CVE-2023-49343 1Ubuntubudgie 1Budgie Extras Nov 21, 2024 Dec 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the...Show more Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.Show less
CVE-2023-49342 1Ubuntubudgie 1Budgie Extras Nov 21, 2024 Dec 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to...Show more Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.Show less
CVE-2023-41120 1Enterprisedb 1Postgres Advanced Server Nov 21, 2024 Dec 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBM...Show more An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions.Show less
CVE-2023-39171 1Enbw 1Senec Storage Box Firmware Nov 4, 2025 Dec 7, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.
CVE-2023-42718 1Google 1Android Nov 21, 2024 Dec 4, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In dialer, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-42717 1Google 1Android Nov 21, 2024 Dec 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
CVE-2023-42716 1Google 1Android May 29, 2025 Dec 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
CVE-2023-42715 1Google 1Android Nov 21, 2024 Dec 4, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-41786 1Artica 1Pandora Fms Nov 21, 2024 Nov 23, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects P...Show more Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772.Show less
CVE-2023-36013 1Microsoft 1Powershell Nov 21, 2024 Nov 20, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 PowerShell Information Disclosure Vulnerability
CVE-2023-36043 1Microsoft 1System Center Operations Manager Nov 21, 2024 Nov 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Open Management Infrastructure Information Disclosure Vulnerability
CVE-2023-5545 2Fedoraproject Moodle 3Extra Packages For Enterprise Linux FedoraMoodle Nov 21, 2024 Nov 9, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVE-2023-5542 2Fedoraproject Moodle 3Extra Packages For Enterprise Linux FedoraMoodle Nov 21, 2024 Nov 9, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVE-2023-42551 1Samsung 1Account Nov 21, 2024 Nov 7, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
CVE-2023-42549 1Samsung 1Account Nov 21, 2024 Nov 7, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
CVE-2023-42547 1Samsung 1Account Nov 21, 2024 Nov 7, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
CVE-2023-42546 1Samsung 1Account Nov 21, 2024 Nov 7, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
CVE-2023-4910 1Redhat 13scale Api Management Nov 21, 2024 Nov 6, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.
CVE-2023-4217 1Moxa 1Eds G503 Firmware Nov 21, 2024 Nov 2, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially...Show more A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. Show less

Previous 1...678...36 Next