CWE-668
Exposure of Resource to Wrong Sphere
Description
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Hierarchy (View 1000)
CVEs mapped to this weakness (268)
page 13 of 14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15215 | 0.00 | — | 0.01 | Oct 6, 2020 | Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a… | |||
| CVE-2020-25040 | — | 0.00 | — | 0.02 | Sep 16, 2020 | Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | ||
| CVE-2020-25039 | — | 0.00 | — | 0.02 | Sep 16, 2020 | Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | ||
| CVE-2020-13946 | — | 0.00 | — | 0.03 | Sep 1, 2020 | In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture… | ||
| CVE-2020-15877 | — | 0.00 | — | 0.02 | Jul 21, 2020 | An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php. | ||
| CVE-2020-13240 | — | 0.00 | — | 0.01 | May 20, 2020 | The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. | ||
| CVE-2020-10744 | 0.00 | — | 0.00 | May 15, 2020 | An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine… | |||
| CVE-2020-1945 | — | 0.00 | — | 0.02 | May 14, 2020 | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory… | ||
| CVE-2020-10685 | 0.00 | — | 0.00 | May 11, 2020 | A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as… | |||
| CVE-2020-11610 | — | 0.00 | — | 0.01 | Apr 7, 2020 | An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting… | ||
| CVE-2019-14905 | 0.00 | — | 0.01 | Mar 31, 2020 | A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename… | |||
| CVE-2020-1733 | 0.00 | — | 0.00 | Mar 11, 2020 | A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is… | |||
| CVE-2019-10805 | — | 0.00 | — | 0.01 | Feb 28, 2020 | valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a… | ||
| CVE-2019-10790 | — | 0.00 | — | 0.02 | Feb 17, 2020 | taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB.… | ||
| CVE-2019-10781 | — | 0.00 | — | 0.01 | Jan 22, 2020 | In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector. | ||
| CVE-2019-20149 | — | 0.00 | — | 0.02 | Dec 30, 2019 | ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection… | ||
| CVE-2019-16541 | 0.00 | — | 0.02 | Nov 21, 2019 | Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | |||
| CVE-2019-18954 | — | 0.00 | — | 0.01 | Nov 13, 2019 | Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name.… | ||
| CVE-2009-5042 | — | 0.00 | — | 0.01 | Oct 31, 2019 | python-docutils allows insecure usage of temporary files | ||
| CVE-2019-15138 | — | 0.00 | — | 0.02 | Sep 20, 2019 | The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. |
- CVE-2020-15215Oct 6, 2020risk 0.00cvss —epss 0.01
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a…
- CVE-2020-25040Sep 16, 2020risk 0.00cvss —epss 0.02
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
- CVE-2020-25039Sep 16, 2020risk 0.00cvss —epss 0.02
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
- CVE-2020-13946Sep 1, 2020risk 0.00cvss —epss 0.03
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture…
- CVE-2020-15877Jul 21, 2020risk 0.00cvss —epss 0.02
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
- CVE-2020-13240May 20, 2020risk 0.00cvss —epss 0.01
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
- CVE-2020-10744May 15, 2020risk 0.00cvss —epss 0.00
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine…
- CVE-2020-1945May 14, 2020risk 0.00cvss —epss 0.02
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory…
- CVE-2020-10685May 11, 2020risk 0.00cvss —epss 0.00
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as…
- CVE-2020-11610Apr 7, 2020risk 0.00cvss —epss 0.01
An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting…
- CVE-2019-14905Mar 31, 2020risk 0.00cvss —epss 0.01
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename…
- CVE-2020-1733Mar 11, 2020risk 0.00cvss —epss 0.00
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is…
- CVE-2019-10805Feb 28, 2020risk 0.00cvss —epss 0.01
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a…
- CVE-2019-10790Feb 17, 2020risk 0.00cvss —epss 0.02
taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB.…
- CVE-2019-10781Jan 22, 2020risk 0.00cvss —epss 0.01
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.
- CVE-2019-20149Dec 30, 2019risk 0.00cvss —epss 0.02
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection…
- CVE-2019-16541Nov 21, 2019risk 0.00cvss —epss 0.02
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
- CVE-2019-18954Nov 13, 2019risk 0.00cvss —epss 0.01
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name.…
- CVE-2009-5042Oct 31, 2019risk 0.00cvss —epss 0.01
python-docutils allows insecure usage of temporary files
- CVE-2019-15138Sep 20, 2019risk 0.00cvss —epss 0.02
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.