Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-R8WG-4C92-9HWQ

Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-12 00:00
VLAI
Details

Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-07T18:15:00Z",
    "severity": "LOW"
  },
  "details": "Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.",
  "id": "GHSA-r8wg-4c92-9hwq",
  "modified": "2022-06-12T00:00:47Z",
  "published": "2022-06-08T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30714"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9XW-P7WJ-W792

Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2023-05-17 21:33
VLAI
Summary
n8n Information Disclosure vulnerability
Details

The n8n package prior to 0.216.1 for Node.js allows Information Disclosure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.216.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-27564"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-11T20:46:13Z",
    "nvd_published_at": "2023-05-10T15:15:09Z",
    "severity": "HIGH"
  },
  "details": "The n8n package prior to 0.216.1 for Node.js allows Information Disclosure.",
  "id": "GHSA-r9xw-p7wj-w792",
  "modified": "2023-05-17T21:33:32Z",
  "published": "2023-05-10T15:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27564"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/pull/5525"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/commit/27adea70459329fc0dddabee69e10c9d1453835f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/releases/tag/n8n%400.216.1"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230622-0007"
    },
    {
      "type": "WEB",
      "url": "https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "n8n Information Disclosure vulnerability"
}

GHSA-RC83-8WMP-V9VX

Vulnerability from github – Published: 2023-07-11 18:31 – Updated: 2024-04-04 05:58
VLAI
Details

Insecure temporary file in the installer for Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377",
      "CWE-426",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-11T18:15:16Z",
    "severity": "HIGH"
  },
  "details": " Insecure temporary file in the installer for Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n",
  "id": "GHSA-rc83-8wmp-v9vx",
  "modified": "2024-04-04T05:58:24Z",
  "published": "2023-07-11T18:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34119"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCHM-QQ78-745R

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2025-05-05 18:31
VLAI
Details

Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-09T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.",
  "id": "GHSA-rchm-qq78-745r",
  "modified": "2025-05-05T18:31:31Z",
  "published": "2022-02-11T00:00:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33096"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220210-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCVM-RQRR-GF3R

Vulnerability from github – Published: 2022-02-16 00:01 – Updated: 2023-08-08 15:31
VLAI
Details

CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-15T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "CobaltStrike \u003c=4.5 HTTP(S) listener does not determine whether the request URL begins with \"/\", and attackers can obtain relevant information by specifying the URL.",
  "id": "GHSA-rcvm-rqrr-gf3r",
  "modified": "2023-08-08T15:31:43Z",
  "published": "2022-02-16T00:01:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23317"
    },
    {
      "type": "WEB",
      "url": "https://donghuangt1.com/writings/Stager"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCW4-4C2J-R7WH

Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39648"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel",
  "id": "GHSA-rcw4-4c2j-r7wh",
  "modified": "2022-07-13T00:01:38Z",
  "published": "2021-12-16T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39648"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RFHV-P4Q9-P4HF

Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38130"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-04T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.",
  "id": "GHSA-rfhv-p4q9-p4hf",
  "modified": "2023-08-08T15:31:37Z",
  "published": "2022-02-10T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38130"
    },
    {
      "type": "WEB",
      "url": "https://portal.microfocus.com/s/article/KM000003667"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RFX6-9FCF-X5RC

Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A",
  "id": "GHSA-rfx6-9fcf-x5rc",
  "modified": "2023-08-08T15:31:25Z",
  "published": "2021-12-16T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1045"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-11-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RG37-CM33-X5HJ

Vulnerability from github – Published: 2023-08-24 09:30 – Updated: 2024-04-04 07:10
VLAI
Details

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4230"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-24T07:15:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.",
  "id": "GHSA-rg37-cm33-x5hj",
  "modified": "2024-04-04T07:10:26Z",
  "published": "2023-08-24T09:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4230"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RG56-4QHP-CJ7H

Vulnerability from github – Published: 2021-12-03 00:00 – Updated: 2022-08-31 00:00
VLAI
Details

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/, /templates/ and some of the files in /.git/* (non-binary).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-23263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-02T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).",
  "id": "GHSA-rg56-4qhp-cj7h",
  "modified": "2022-08-31T00:00:21Z",
  "published": "2021-12-03T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23263"
    },
    {
      "type": "WEB",
      "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120106"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.