Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-668

CWE-668

Exposure of Resource to Wrong Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

719 vulnerabilities with CWE-668

CVE-2021-24775 MEDIUM

Document Embedder <1.7.5 - Info Disclosure

CVE-2021-44049 HIGH

CyberArk Endpoint Privilege Manager 11.5.3.328-11.5.4.355 - Local Privilege Escalation via Trojan Horse Procmon64.exe

CVE-2021-39628 LOW

Android 10-11 - Local Information Disclosure via StatusBar Notification Logic Error

CVE-2021-42749 MEDIUM

Beaver Themer - Unauthenticated Content Visibility Bypass via Conditional Logic

CVE-2021-39971 HIGH

HarmonyOS < 2.0 - Exposure of Resource to Wrong Sphere in Password Vault

CVE-2021-37112 MEDIUM

HarmonyOS < 2.0 - External Control of System or Configuration Setting in Hisuite Module

CVE-2021-1918 MEDIUM

Qualcomm Snapdragon Firmware - Information Exposure via Improper Resource Allocation

CVE-2021-45708 HIGH

abomination <2021-10-17 - Info Disclosure

CVE-2021-21878 MEDIUM

Lantronix PremierWave 2050 8.9.0.0R4 Authenticated Local File Inclusion

CVE-2021-43893 HIGH

Windows Encrypting File System - Privilege Escalation

CVE-2021-43216 MEDIUM

Microsoft LSA Server - Info Disclosure

CVE-2021-41065 HIGH

Listary < 6 - Unauthenticated Privilege Escalation via Named Pipe Impersonation

CVE-2021-44524 CRITICAL

SiPass integrated V2.76/V2.80/V2.85 and Siveillance Identity < V1.6.284.0 - Unauthenticated Improper Authentication

CVE-2021-44523 CRITICAL

SiPass integrated V2.76/V2.80/V2.85 and Siveillance Identity < V1.6.284.0 - Unauthenticated Database Access

CVE-2021-44522 HIGH

SiPass integrated V2.76, V2.80, V2.85 and Siveillance Identity < V1.6.284.0 - Unauthenticated Message Broker Access

CVE-2021-39915 MEDIUM

GitLab 13.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthenticated Exposure of Project Access Token Names via GraphQL API

CVE-2021-38931 MEDIUM

IBM Db2 <11.1,11.5 - Info Disclosure

CVE-2021-22568 HIGH

Dart Software Development Kit < 2.15.0 - Unauthenticated OAuth2 Token Exposure via pub publish Command

CVE-2021-38505 MEDIUM

Firefox < 94.0 and Firefox ESR < 91.3.0 - Sensitive Data Exposure via Cloud Clipboard

CVE-2021-25515 MEDIUM

SemRewardManager <SMR Dec-2021 Release 1 - Info Disclosure

CVE-2021-29115 MEDIUM

Esri ArcGIS Enterprise < 10.9 - Information Disclosure via ArcGIS Service Directory

CVE-2021-36198 HIGH

Johnsoncontrols Johnson Controls Kantech EntraPass <= 8.40 - Information Disclosure

CVE-2021-23264 HIGH

Crafter CMS 3.1.0 through 3.1.15 - Unauthenticated Remote Index Manipulation

CVE-2021-23263 MEDIUM

Crafter CMS 3.1.0-3.1.14 - Unauthenticated Sensitive File Exposure via FreeMarker

CVE-2021-38004 MEDIUM

Google Chrome <95.0.4638.69 - Info Disclosure

Previous Page 18 of 29 Next

Details

Vulnerabilities 719

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy