Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-668

CWE-668

Exposure of Resource to Wrong Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

719 vulnerabilities with CWE-668

CVE-2020-6490 MEDIUM

Google Chrome < 83.0.4103.61 - Cross-Origin Data Leak via Loader Insufficient Data Validation

CVE-2020-13240 MEDIUM

Dolibarr 11.0.4 - Stored Cross-Site Scripting via File Extension Bypass

CVE-2020-11931 LOW

pulseaudio < 1.8.0 - Improper Access Control via Snap Policy Module Unload

CVE-2020-1945 MEDIUM

Apache Ant 1.1-1.9.14 and 1.10.0-1.10.7 - Information Disclosure and Arbitrary File Write via Temporary Directory

CVE-2020-12687 MEDIUM

Serpico < 1.3.3 - Authenticated Exposure of Resource to Wrong Sphere via Admin Attachments Backup Endpoint

CVE-2020-3315 MEDIUM

Cisco Firepower Threat Defense < 6.6.0 - Unauthenticated File Policy Bypass via Crafted HTTP Packets

CVE-2020-12142 MEDIUM

Silver Peak Unity Orchestrator <8.9.2 - Authenticated IPSec UDP Key Material Exposure via CLI and REST APIs

CVE-2020-5887 CRITICAL

BIG-IP VE <15.1.0.1 - Privilege Escalation

CVE-2020-6442 MEDIUM

Google Chrome < 81.0.4044.92 - Cross-Origin Data Leak via Cache Implementation

CVE-2020-11610 HIGH

xdLocalStorage < 2.0.5 - Exposure of Sensitive Data via Wildcard TargetOrigin in postMessage

CVE-2020-11582 HIGH

Pulse Secure Pulse Connect Secure < 2020-04-06 - Unauthenticated Resource Exposure via Host Checker Applet

CVE-2020-10867 CRITICAL

Avast Antivirus < 20.0 - Unauthenticated Task Access Bypass via aswTask RPC Endpoint

CVE-2020-10238 HIGH

Joomla! < 3.9.16 - Incorrect Access Control in com_templates

CVE-2020-1981 HIGH

PAN-OS 8.1.0-8.1.12 - Local Privilege Escalation via Predictable Temporary Filename

CVE-2020-8449 HIGH

Squid < 4.10 - Security Filter Bypass via Crafted HTTP Request

CVE-2020-8121 HIGH

Nextcloud Server <14.0.4 - Info Disclosure

CVE-2020-7912 MEDIUM

JetBrains YouTrack <2019.2.59309 - Info Disclosure

CVE-2019-9011 MEDIUM

Pilz PMC 3.x < 3.5.17 - Username Enumeration

CVE-2019-8702 MEDIUM

iPhone OS < 12.4 and macOS < 10.14.6 - Unauthorized Persistent Account Identifier Exposure

CVE-2019-9475 MEDIUM

Android 10 - Local Information Disclosure via /proc/net Permissions Bypass

CVE-2019-20853 CRITICAL

Mattermost Packages < 5.16.3 - Exposure of Resource to Wrong Sphere

CVE-2019-14905 MEDIUM

Ansible Engine < 2.7.16 - OS Command Injection via nxos_file_copy Module

CVE-2019-5159 HIGH

WAGO e!COCKPIT <1.6.0.7 - Code Injection

CVE-2019-10805 HIGH

valib.js < 2.0.0 - Internal Property Tampering via hasOwnProperty Override

CVE-2019-10790 HIGH

taffydb <= 2.7.3 - Unauthenticated Data Access via Index Forgery

Previous Page 24 of 29 Next

Details

Vulnerabilities 719

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy