Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-668

CWE-668

Exposure of Resource to Wrong Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

719 vulnerabilities with CWE-668

CVE-2020-35215 MEDIUM

Atomix 3.1.5 - Unauthenticated Sensitive Information Exposure via Distributed Variable Primitive Query

CVE-2020-12488 MEDIUM

vivo jovi_smart_scene < 6.2.2.52 - Unauthenticated Sensitive Information Exposure via Command Injection

CVE-2020-11303 HIGH

Qualcomm APQ8009 Firmware - Information Disclosure via AMSDU Frame Handling

CVE-2020-28145 HIGH

wuzhicms 4.0.1 - Arbitrary File Deletion via Attachment Admin Endpoint

CVE-2020-21503 HIGH

waimai Super Cms 20150505 - Unauthenticated Price Manipulation via Credit Parameter

CVE-2020-14130 MEDIUM

Xiaomi Community App < 3.0.210809 - Exposure of Sensitive Functions via JavaScript Interface

CVE-2020-19155 HIGH

Jfinal CMS <4.7.1 - Info Disclosure & RCE

CVE-2020-18972 MEDIUM

PoDoFo 0.9.6 - Exposure of Sensitive Information via IsNextToken in PdfTokenizer

CVE-2020-18754 HIGH

Dut Computer Control Engineering Co.'s PLC MAC1100 - Info Disclosure

CVE-2020-21356 MEDIUM

PopojiCMS 1.2 - Information Disclosure via File Upload Parameter Manipulation

CVE-2020-22535 MEDIUM

PbootCMS 2.0.6 - Incorrect Access Control via Update Function List Parameter

CVE-2020-27361 HIGH

Akkadian Provisioning Manager <4.50.02 - Info Disclosure

CVE-2020-18647 HIGH

NoneCMS 1.3 - Information Disclosure via /nonecms/vendor Component

CVE-2020-18646 HIGH

NoneCMS 1.3 - Information Disclosure via /public/index.php

CVE-2020-24511 MEDIUM

Intel(R) Processors - Info Disclosure

CVE-2020-36319 LOW

Vaadin Flow 3.0.0-3.0.5 & Vaadin 15.0.0-15.0.4 Sensitive Information Exposure via Insecure ObjectMapper

CVE-2020-10581 HIGH

Invigo Automatic Device Management < 5.0 - Unauthenticated Sensitive Data Exposure via Session Validity Check Issues

CVE-2020-27872 HIGH

NETGEAR R7450 <1.2.0.62_1.0.1 - Auth Bypass

CVE-2020-26272 MEDIUM

Electron <9.4.0, 10.2.0, 11.1.0, 12.0.0-beta.9 - Info Disclosure

CVE-2020-26186 MEDIUM

Dell Inspiron 5675 <1.4.1 - Code Injection

CVE-2020-16268 HIGH

1E Client 4.1.0.267 and 5.0.0.745 - Authenticated Privilege Escalation via MSI Repair Option

CVE-2020-26261 HIGH

jupyterhub-systemdspawner < 0.15 - Unauthenticated User API Token Exposure via Systemd Environment

CVE-2020-8698 MEDIUM

Intel(R) Processors - Info Disclosure

CVE-2020-26086 MEDIUM

Cisco TelePresence Collaboration Endpoint < 9.14.3 - Authenticated Sensitive Information Exposure via xAPI

CVE-2020-26084 MEDIUM

Cisco Edge Fog Fabric < 1.7.4 - Authenticated Arbitrary File Write via REST API

Previous Page 22 of 29 Next

Details

Vulnerabilities 719

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy