CWE-668

717 CVEs • Abstraction: Class

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.


CVEs (717)

Each entry lists vendors, products, last-updated date, publication date and CVSS scores (v4, v3, v2), followed by the CVE description.

Vendors: Jfrog | Products: Artifactory | Updated: Nov 21, 2024 | Published: Jul 6, 2022 | CVSS: v4 N/A, v3 4.9 MEDIUM, v2 6.8 MEDIUM
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects JFrog Artifactory 7.x versions before 7.31.10 and 6.x versions before 6.23.38.

Vendors: Redhat | Products: Openshift | Updated: Nov 21, 2024 | Published: Jun 30, 2022 | CVSS: v4 N/A, v3 9.1 CRITICAL, v2 6.4 MEDIUM
In an OpenShift node, a cron job that updates mcollective facts mishandles a temporary file. This may lead to loss of confidentiality and integrity.

Vendors: Ibm | Products: Jazz Team Server | Updated: Nov 21, 2024 | Published: Jun 24, 2022 | CVSS: v4 N/A, v3 3.3 LOW, v2 2.1 LOW
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally, where they can be read by another user on the system. IBM X-Force ID: 199149.

Vendors: Schneider Electric | Products: Geo Scada Mobile | Updated: Nov 21, 2024 | Published: Jun 24, 2022 | CVSS: v4 N/A, v3 7.8 HIGH, v2 6.8 MEDIUM
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected product: Geo SCADA Mobile (Build 222 and prior).

Vendors: Webank | Products: Federated Ai Technology Enabler | Updated: Nov 21, 2024 | Published: Jun 16, 2022 | CVSS: v4 N/A, v3 7.5 HIGH, v2 5.0 MEDIUM
An issue was discovered in the function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 that allows attackers to read sensitive information during the training process of machine learning joint modeling.

Vendors: Yandex | Products: Yandex Browser | Updated: Nov 21, 2024 | Published: Jun 15, 2022 | CVSS: v4 N/A, v3 7.8 HIGH, v2 7.2 HIGH
A local privilege escalation vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low-privileged attacker to execute arbitrary code with SYSTEM privileges by manipulating temporary files in a directory with insecure permissions during the Yandex Browser update process.

Vendors: Wavlink | Products: Wn535g3 Firmware | Updated: Nov 21, 2024 | Published: Jun 14, 2022 | CVSS: v4 N/A, v3 7.5 HIGH, v2 5.0 MEDIUM
A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

Vendors: Wavlink | Products: Wn535g3 Firmware | Updated: Nov 21, 2024 | Published: Jun 14, 2022 | CVSS: v4 N/A, v3 7.5 HIGH, v2 5.0 MEDIUM
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

Vendors: Electronjs | Products: Electron | Updated: Nov 21, 2024 | Published: Jun 13, 2022 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 6.8 MEDIUM
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled, which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data, this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`.

Vendors: Owncloud | Products: Owncloud | Updated: Nov 21, 2024 | Published: Jun 9, 2022 | CVSS: v4 N/A, v3 7.5 HIGH, v2 5.0 MEDIUM
ownCloud owncloud/core before 10.10.0 improperly removes sensitive information before storage or transfer.

Vendors: Toaruos | Products: Toaruos | Updated: Nov 21, 2024 | Published: Jun 8, 2022 | CVSS: v4 N/A, v3 8.8 HIGH, v2 7.2 HIGH
ToaruOS 1.99.2 is affected by incorrect access control in the kernel. Improper MMU management and a low GDT address allow the GDT to be mapped in userland; a call gate can then be written to escalate to CPL 0.

Vendors: Samsung | Products: Account | Updated: Nov 21, 2024 | Published: Jun 7, 2022 | CVSS: v4 N/A, v3 5.3 MEDIUM, v2 5.0 MEDIUM
Sensitive information exposure in the sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to obtain a user's email address or phone number without permission.

Vendors: Samsung | Products: Account | Updated: Nov 21, 2024 | Published: Jun 7, 2022 | CVSS: v4 N/A, v3 7.5 HIGH, v2 5.0 MEDIUM
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows an attacker to access sensitive information via onActivityResult.

Vendors: Google | Products: Android | Updated: Nov 21, 2024 | Published: Jun 7, 2022 | CVSS: v4 N/A, v3 3.3 LOW, v2 2.1 LOW
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to obtain MAC address information.

Vendors: Google | Products: Android | Updated: Nov 21, 2024 | Published: Jun 7, 2022 | CVSS: v4 N/A, v3 3.3 LOW, v2 2.1 LOW
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to obtain MAC address information.

Vendors: Google | Products: Android | Updated: Nov 21, 2024 | Published: Jun 7, 2022 | CVSS: v4 N/A, v3 3.3 LOW, v2 2.1 LOW
Sensitive information exposure in the low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to obtain SIM card information.

Vendors: Klapp | Products: App | Updated: Nov 21, 2024 | Published: Jun 7, 2022 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 4.0 MEDIUM
A vulnerability has been found in Klapp App and classified as problematic. It affects unknown code of the Authorization component. The manipulation leads to information disclosure (credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app.

Vendors: Dell | Products: Powerstoreos | Updated: Nov 21, 2024 | Published: Jun 2, 2022 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 7.5 HIGH
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.

Vendors: Aveva | Products: Intouch Access Anywhere, Plant Scada Access Anywhere | Updated: Nov 21, 2024 | Published: May 23, 2022 | CVSS: v4 N/A, v3 9.9 CRITICAL, v2 8.5 HIGH
Windows OS can be configured to overlay a "language bar" on top of any application. When this OS functionality is enabled, the OS language bar UI is viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context escape from the application into the OS.

Vendors: Universis | Products: Universis Students | Updated: Nov 21, 2024 | Published: May 18, 2022 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 4.0 MEDIUM
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.