Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CVEs (717)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-25954 3Kyocera OlivettiTriumph Adler 3Mobile Print Mobile PrintMobile Print Feb 7, 2025 Apr 13, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is...Show more KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.Show less
CVE-2023-25409 1Aten 1Pe8108 Firmware Feb 11, 2025 Apr 11, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.
CVE-2022-47338 1Google 1Android Feb 10, 2025 Apr 11, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.
CVE-2023-26588 1Buffalo 16Bs Gs2008 Firmware Bs Gs2008p FirmwareBs Gs2016 Firmware+13 more Feb 11, 2025 Apr 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03...Show more Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlierShow less
CVE-2023-26458 1Sap 1Landscape Management Nov 21, 2024 Apr 11, 2023 N/A· v4 8.7 HIGH· v3 N/A· v2 An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making t...Show more An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system. Show less
CVE-2023-29192 1Silverwaregames 1Silverwaregames Nov 21, 2024 Apr 10, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.
CVE-2023-1777 1Mattermost 1Mattermost Server Nov 21, 2024 Mar 31, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
CVE-2023-1775 1Mattermost 1Mattermost Server Nov 21, 2024 Mar 31, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users...Show more When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients. Show less
CVE-2023-28336 2Fedoraproject Moodle 2Fedora Moodle Nov 21, 2024 Mar 23, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CVE-2023-1402 1Moodle 1Moodle Nov 21, 2024 Mar 23, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
CVE-2023-28433 1Minio 1Minio Nov 21, 2024 Mar 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement acros...Show more Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds.Show less
CVE-2023-1562 1Mattermost 1Mattermost Nov 21, 2024 Mar 22, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.
CVE-2020-22647 1Smartconrtactgames Project 1Smartconrtactgames Feb 26, 2025 Mar 16, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions.
CVE-2023-24906 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Mar 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24870 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Mar 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24866 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Mar 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24863 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Mar 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-23409 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Mar 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
CVE-2023-23394 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Mar 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
CVE-2023-25802 1Roxy Wi 1Roxy Wi Nov 21, 2024 Mar 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor...Show more Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.Show less

Previous 1...121314...36 Next