Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CVEs (717)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-43782 1Falktx 1Cadence Nov 21, 2024 Sep 22, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the f...Show more Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence.Show less
CVE-2023-31014 1Nvidia 1Geforce Now Nov 21, 2024 Sep 20, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful expl...Show more NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution.Show less
CVE-2023-40788 1Bladex 1Springblade Nov 21, 2024 Sep 19, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs
CVE-2023-39056 1Coffee Jumbo Project 1Coffee Jumbo Nov 21, 2024 Sep 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39049 1Youmart Tokunaga Project 1Youmart Tokunaga Nov 21, 2024 Sep 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39046 1Tonton Tei Waiting Project 1Tonton Tei Waiting Nov 21, 2024 Sep 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39058 1The B Members Card Project 1The B Members Card Nov 21, 2024 Sep 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39043 1Ykc 1Tokushima Awayokocho Nov 21, 2024 Sep 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39040 1Cheese Cafe Line Project 1Cheese Cafe Line Nov 21, 2024 Sep 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39039 1Camp Style Project Line Project 1Camp Style Project Line Nov 21, 2024 Sep 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2022-20917 1Cisco 1Jabber Nov 21, 2024 Sep 15, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used b...Show more A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.Show less
CVE-2023-38558 1Siemens 1Simatic Pcs Neo Nov 21, 2024 Sep 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin cre...Show more A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.Show less
CVE-2023-38152 1Microsoft 5Windows Server 2008 Windows Server 2012Windows Server 2016+2 more Nov 21, 2024 Sep 12, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 DHCP Server Service Information Disclosure Vulnerability
CVE-2023-24965 1Ibm 1Aspera Faspex Nov 21, 2024 Sep 8, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.
CVE-2023-41745 1Acronis 2Agent Cyber Protect Nov 21, 2024 Aug 31, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, W...Show more Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.Show less
CVE-2023-41742 1Acronis 2Agent Cyber Protect Nov 21, 2024 Aug 31, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) befor...Show more Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.Show less
CVE-2023-34725 1Jaycar 1La5570 Firmware Nov 21, 2024 Aug 28, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.
CVE-2023-4230 1Moxa 1Iologik E4200 Firmware Nov 21, 2024 Aug 24, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulner...Show more A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.Show less
CVE-2023-39974 1Acymailing 1Acymailing Nov 21, 2024 Aug 17, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.
CVE-2023-39250 1Dell 3Replay Manager For Vmware Storage Integration Tools For VmwareStorage Vsphere Client Plugin Nov 21, 2024 Aug 16, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure v...Show more Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. Show less

Previous 1...8910...36 Next