Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-668

CWE-668

Exposure of Resource to Wrong Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

719 vulnerabilities with CWE-668

CVE-2020-16263 CRITICAL

Winston Privacy 1.5.4 - Exposure of Resource to Wrong Sphere via CORS Misconfiguration

CVE-2020-26650 MEDIUM

AtomXCMS 2.0 - Arbitrary File Read via admin/dump.php

CVE-2020-15264 HIGH

Boxstarter <2.13.0 - Code Injection

CVE-2020-26868 HIGH

ARC Informatique PcVue <12.0.17 - DoS

CVE-2020-26602 HIGH

Samsung EthernetNetwork <R - Privilege Escalation

CVE-2020-13343 HIGH

GitLab 11.2.0-13.4.2 - Unauthorized Custom Project Template Exposure

CVE-2020-15215 MEDIUM

Electron <11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 - Privilege Escalation

CVE-2020-5422 MEDIUM

BOSH System Metrics Server <0.1.0 - Info Disclosure

CVE-2020-16247 MEDIUM

Philips Clinical Collaboration Platform < 12.2.1 - Unintended Resource Access

CVE-2020-25040 HIGH

Sylabs Singularity < 3.6.2 - Insecure Temporary Directory Permissions

CVE-2020-25039 HIGH

Sylabs Singularity 3.2.0-3.6.2 - Insecure Temporary Directory Permissions in Fakeroot or User Namespace

CVE-2020-16212 MEDIUM

Philips Patient Information Center iX B.02/C.02/C.03 - Unauthenticated Local Privilege Escalation

CVE-2020-5386 HIGH

Dell EMC Elastic Cloud Storage < 3.5.0.0 - Unauthenticated Sensitive Data Exposure via Directory Table Objects

CVE-2020-25073 MEDIUM

FreedomBox < 20.13 - Unauthenticated Sensitive Information Exposure via Apache /server-status

CVE-2020-13946 MEDIUM

Apache Cassandra < 2.1.22, 2.2.18, 3.0.22, 3.11.8, 4.0-beta2 - Credential Exposure via JMX RMI

CVE-2020-13472 MEDIUM

Gigadevice GD32F103 - Info Disclosure

CVE-2020-13470 MEDIUM

Gigadevice GD32F103/GD32F130 - Info Disclosure

CVE-2020-13469 MEDIUM

Gigadevice GD32VF103 - Info Disclosure

CVE-2020-11934 MEDIUM

Ubuntu Linux - Unintended Access Restriction Bypass via snapctl user-open XDG_DATA_DIRS Manipulation

CVE-2020-15816 HIGH

WD Discovery < 4.0.251.0 - Unauthenticated Remote Code Execution via DYLD Environment Variable Injection

CVE-2020-14064 MEDIUM

IceWarp Email Server 12.3.0.1 - Incorrect Access Control

CVE-2020-12020 MEDIUM

Baxter ExactaMix EM 2400 and EM1200 - Unauthorized Operating System Access via Startup Script

CVE-2020-10271 CRITICAL

MiR Robot Firmware < 2.8.1.1 - Unauthenticated ROS Computational Graph Exposure

CVE-2020-9291 MEDIUM

FortiClient < 6.0.9 - Privilege Escalation via Temporary File Symbolic Link Attack

CVE-2020-6774 CRITICAL

Bosch Recording Station Firmware - Unauthenticated Improper Access Control in Kiosk Mode

Previous Page 23 of 29 Next

Details

Vulnerabilities 719

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy