Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CVEs (717)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-1918 1Qualcomm 30Qca6391 Firmware Qcm6490 FirmwareQcs6490 Firmware+27 more May 22, 2025 Jan 3, 2022 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2020-20948 1Jeecg 1Jeecg Nov 21, 2024 Dec 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.
CVE-2021-45708 1Abomonation Project 1Abomonation Nov 21, 2024 Dec 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.
CVE-2019-8702 1Apple 3Iphone Os Mac Os XTvos Nov 21, 2024 Dec 23, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a...Show more This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.Show less
CVE-2021-21878 1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 4.9 MEDIUM· v3 6.8 MEDIUM· v2 A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion...Show more A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.Show less
CVE-2020-35215 1Atomix 1Atomix Nov 21, 2024 Dec 16, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share import...Show more An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.Show less
CVE-2021-43893 1Microsoft 10Windows 10 Windows 11Windows 7+7 more Nov 21, 2024 Dec 15, 2021 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
CVE-2021-43216 1Microsoft 10Windows 10 Windows 11Windows 7+7 more Nov 21, 2024 Dec 15, 2021 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2021-41065 1Bopsoft 1Listary Nov 21, 2024 Dec 14, 2021 N/A· v4 7.3 HIGH· v3 4.4 MEDIUM· v2 An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically...Show more An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds).Show less
CVE-2021-44524 1Siemens 2Sipass Integrated Siveillance Identity Nov 21, 2024 Dec 14, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identit...Show more A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.Show less
CVE-2021-44523 1Siemens 2Sipass Integrated Siveillance Identity Nov 21, 2024 Dec 14, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identit...Show more A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.Show less
CVE-2021-44522 1Siemens 2Sipass Integrated Siveillance Identity Nov 21, 2024 Dec 14, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identit...Show more A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.Show less
CVE-2021-39915 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an...Show more Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projectsShow less
CVE-2021-38931 2Ibm Netapp 2Db2 Oncommand Insight Nov 21, 2024 Dec 9, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not author...Show more IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.Show less
CVE-2021-22568 1Dart 1Dart Software Development Kit Nov 21, 2024 Dec 9, 2021 N/A· v4 8.8 HIGH· v3 6.0 MEDIUM· v2 When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained c...Show more When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend upgrading past https://github.com/dart-lang/sdk/commit/d787e78d21e12ec1ef712d229940b1172aafcdf8 or beyond version 2.15.0Show less
CVE-2021-38505 1Mozilla 3Firefox Firefox EsrThunderbird Nov 21, 2024 Dec 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applicati...Show more Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.Show less
CVE-2021-25515 1Google 1Android Nov 21, 2024 Dec 8, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
CVE-2021-29115 1Esri 1Arcgis Enterprise Nov 21, 2024 Dec 7, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal...Show more An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.Show less
CVE-2021-36198 1Johnsoncontrols 1Kantech Entrapass Nov 21, 2024 Dec 6, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data.
CVE-2021-23264 1Craftercms 1Crafter Cms Nov 21, 2024 Dec 2, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.

Previous 1...222324...36 Next