Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CVEs (717)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-18068 1Raspberrypi 1Raspberry Pi 3 Model B+ Firmware Nov 21, 2024 Apr 4, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor...Show more The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3.Show less
CVE-2019-8934 2Opensuse Qemu 2Leap Qemu Nov 21, 2024 Mar 21, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2018-20237 1Atlassian 2Confluence Data Center Confluence Server Nov 21, 2024 Feb 13, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
CVE-2019-8308 3Debian FlatpakRedhat 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Feb 12, 2019 N/A· v4 8.2 HIGH· v3 4.4 MEDIUM· v2 Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2018-1840 1Ibm 1Websphere Application Server Nov 21, 2024 Dec 3, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated...Show more IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813.Show less
CVE-2018-15591 1Ivanti 1Workspace Control Nov 21, 2024 Oct 15, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple uns...Show more An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.Show less
CVE-2018-8040 2Apache Debian 2Debian Linux Traffic Server Nov 21, 2024 Aug 29, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To...Show more Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.Show less
CVE-2017-12576 1Planex 1Cs Qr20 Firmware Nov 21, 2024 Aug 24, 2018 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for de...Show more An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.Show less
CVE-2018-7073 2Canonical Hp 2Moonshot Provisioning Manager Ubuntu Linux Nov 21, 2024 Aug 6, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
CVE-2018-7072 1Hp 1Moonshot Provisioning Manager Nov 21, 2024 Aug 6, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
CVE-2018-8861 1Philips 4 Brilliance Ct Big Bore Firmware Brilliance Firmware 64Brilliance Ict Firmware+1 more Nov 21, 2024 May 4, 2018 N/A· v4 8.7 HIGH· v3 6.8 MEDIUM· v2 Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2....Show more Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system.Show less
CVE-2018-10361 1Kde 1Ktexteditor Nov 21, 2024 Apr 25, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged...Show more An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.Show less
CVE-2017-0367 2Debian Mediawiki 2Debian Linux Mediawiki Nov 21, 2024 Apr 13, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
CVE-2017-18129 1Qualcomm 5Mdm9206 Firmware Mdm9607 FirmwareMsm8996 Firmware+2 more Nov 21, 2024 Apr 11, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned...Show more In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains.Show less
CVE-2017-18073 1Qualcomm 9Mdm9206 Firmware Mdm9607 FirmwareMdm9650 Firmware+6 more Nov 21, 2024 Apr 11, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain acce...Show more In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.Show less
CVE-2018-7479 1Yzmcms 1Yzmcms Nov 21, 2024 Feb 26, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.
CVE-2018-6910 1Dedecms 1Dedecms Nov 21, 2024 Feb 13, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.
CVE-2018-6880 1Phome 1Empirecms Nov 21, 2024 Feb 12, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.
CVE-2017-15393 2Debian Google 2Chrome Debian Linux Nov 21, 2024 Feb 7, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...Show more Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.Show less
CVE-2017-16610 1Netgain Systems 1Enterprise Manager Nov 21, 2024 Jan 23, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.Show less

Previous 1...32 333435 36 Next