Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CVEs (717)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1875 1Google 1Chrome Nov 21, 2024 Jul 27, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1873 1Google 1Chrome Nov 21, 2024 Jul 27, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1637 1Google 1Chrome Nov 21, 2024 Jul 26, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1501 1Google 1Chrome Nov 21, 2024 Jul 26, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1498 1Google 1Chrome Nov 21, 2024 Jul 26, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1488 1Google 1Chrome Nov 21, 2024 Jul 26, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
CVE-2022-1137 1Google 1Chrome Nov 21, 2024 Jul 23, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML pa...Show more Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.Show less
CVE-2022-34047 1Wavlink 1Wl Wn530hg4 Firmware Nov 21, 2024 Jul 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
CVE-2022-23825 4Amd DebianFedoraproject+1 more 126A10 9600p Firmware A10 9630p FirmwareA12 9700p Firmware+123 more Nov 21, 2024 Jul 14, 2022 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVE-2022-34765 1Schneider Electric 2Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware Nov 21, 2024 Jul 13, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Com...Show more A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)Show less
CVE-2022-32249 1Sap 1Business One Nov 21, 2024 Jul 12, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g., high privileged account credent...Show more Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)Show less
CVE-2022-29901 5Debian FedoraprojectIntel+2 more 129Core I3 6100 Firmware Core I3 6100e FirmwareCore I3 6100h Firmware+126 more Nov 21, 2024 Jul 12, 2022 N/A· v4 6.5 MEDIUM· v3 1.9 LOW· v2 Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack r...Show more Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.Show less
CVE-2022-33700 1Google 1Android Nov 21, 2024 Jul 12, 2022 N/A· v4 2.3 LOW· v3 2.1 LOW· v2 Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
CVE-2022-33699 1Google 1Android Nov 21, 2024 Jul 12, 2022 N/A· v4 2.3 LOW· v3 2.1 LOW· v2 Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
CVE-2022-33698 1Google 1Android Nov 21, 2024 Jul 12, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.
CVE-2022-33696 1Google 1Android Nov 21, 2024 Jul 12, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
CVE-2022-33694 1Google 1Android Nov 21, 2024 Jul 12, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.
CVE-2022-33692 1Google 1Android Nov 21, 2024 Jul 12, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
CVE-2022-34464 1Siemens 4Sicam Gridedge Essential Arm Sicam Gridedge Essential Gds ArmSicam Gridedge Essential Gds Intel+1 more Nov 12, 2025 Jul 12, 2022 5.3 MEDIUM· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesy...Show more A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that file.Show less
CVE-2022-24139 1Iobit 1Advanced System Care Nov 21, 2024 Jul 6, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to...Show more In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.Show less

Previous 1...171819...36 Next