CWE-668

717 CVEs • Abstraction: Class

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.


CVEs (717)

Each entry lists: vendors, products, last-updated date, published date, CVSS scores (v4 / v3 / v2), and the CVE description.

Vendors (1): SmartBear | Products (1): Zephyr Enterprise
Updated: Mar 4, 2025 | Published: Mar 8, 2023 | CVSS: v4 N/A, v3 7.5 HIGH, v2 N/A
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.

Vendors (1): GitHub | Products (1): Enterprise Server
Updated: Nov 21, 2024 | Published: Mar 7, 2023 | CVSS: v4 N/A, v3 4.3 MEDIUM, v2 N/A
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.

Vendors (1): Cisco | Products (4): Packaged Contact Center Enterprise, Unified Contact Center Enterprise, Unified Contact Center Express, +1 more
Updated: Nov 21, 2024 | Published: Mar 3, 2023 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 N/A
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

Vendors (1): Dell | Products (1): PowerScale OneFS
Updated: Nov 21, 2024 | Published: Mar 2, 2023 | CVSS: v4 N/A, v3 6.7 MEDIUM, v2 N/A
Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.

Vendors (1): Dell | Products (1): EMC NetWorker
Updated: Nov 21, 2024 | Published: Mar 1, 2023 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 N/A
Dell NetWorker versions 19.5 and earlier contain an 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.

Vendors (1): Dell | Products (1): EMC NetWorker
Updated: Nov 21, 2024 | Published: Mar 1, 2023 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 N/A
Dell NetWorker versions 19.5 and earlier contain a 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.

Vendors (1): Aruba Networks | Products (2): ArubaOS, SD-WAN
Updated: Mar 7, 2025 | Published: Mar 1, 2023 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 N/A
An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.

Vendors (1): Aruba Networks | Products (2): ArubaOS, SD-WAN
Updated: Mar 7, 2025 | Published: Mar 1, 2023 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 N/A
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level.

Vendors (1): Nextcloud | Products (1): Nextcloud Talk
Updated: Nov 21, 2024 | Published: Feb 27, 2023 | CVSS: v4 N/A, v3 4.3 MEDIUM, v2 N/A
Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages were not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that Nextcloud Talk is upgraded to 15.0.3. There are no workarounds available.

Vendors (1): Apple | Products (1): macOS
Updated: Nov 21, 2024 | Published: Feb 27, 2023 | CVSS: v4 N/A, v3 5.5 MEDIUM, v2 N/A
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory.

Vendors (1): Mattermost | Products (1): Mattermost Server
Updated: Nov 21, 2024 | Published: Feb 27, 2023 | CVSS: v4 N/A, v3 2.7 LOW, v2 N/A
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

Vendors (1): ecdh project | Products (1): ecdh
Updated: Mar 12, 2025 | Published: Feb 24, 2023 | CVSS: v4 N/A, v3 7.5 HIGH, v2 N/A
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.

Vendors (1): Quarkus | Products (1): Quarkus
Updated: Mar 12, 2025 | Published: Feb 24, 2023 | CVSS: v4 N/A, v3 3.3 LOW, v2 N/A
In the RestEasy Reactive implementation of Quarkus, the insecure File.createTempFile() is used in the FileBodyHandler class, which creates temp files with insecure permissions that could be read by a local user.

Vendors (2): Fedora Project, GNOME | Products (2): Epiphany, Fedora
Updated: Mar 18, 2025 | Published: Feb 20, 2023 | CVSS: v4 N/A, v3 7.5 HIGH, v2 N/A
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

Vendors (1): Fortinet | Products (1): FortiNAC
Updated: Nov 21, 2024 | Published: Feb 16, 2023 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 N/A
An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.

Vendors (1): AMI | Products (1): MegaRAC SP-X
Updated: Mar 19, 2025 | Published: Feb 15, 2023 | CVSS: v4 N/A, v3 5.3 MEDIUM, v2 N/A
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.

Vendors (1): Microsoft | Products (2): 365 Apps, Office Long Term Servicing Channel
Updated: Nov 21, 2024 | Published: Feb 14, 2023 | CVSS: v4 N/A, v3 5.5 MEDIUM, v2 N/A
Microsoft Office Information Disclosure Vulnerability

Vendors (1): Microsoft | Products (3): Windows 11 21H2, Windows 11 22H2, Windows Server 2022
Updated: Nov 21, 2024 | Published: Feb 14, 2023 | CVSS: v4 N/A, v3 5.5 MEDIUM, v2 N/A
HTTP.sys Information Disclosure Vulnerability

Vendors (1): SAP | Products (1): Host Agent
Updated: Nov 21, 2024 | Published: Feb 14, 2023 | CVSS: v4 N/A, v3 8.8 HIGH, v2 N/A
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service), versions 7.21 and 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable.

Vendors (1): Dell | Products (2): SupportAssist for Business PCs, SupportAssist for Home PCs
Updated: Nov 21, 2024 | Published: Feb 11, 2023 | CVSS: v4 N/A, v3 7.8 HIGH, v2 N/A
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.