Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1248 vulnerabilities reference this CWE, most recent first.

CVE-2025-12351 (GCVE-0-2025-12351)

Vulnerability from cvelistv5 – Published: 2025-10-27 15:03 – Updated: 2025-10-27 16:04
VLAI
Title
Inadequate access control measure allows unauthorized users to access restricted administrative functions
Summary
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-27T15:14:48.505227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-27T16:04:11.466Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "S35 3M/5M/8M/Pinhole/Kit Camera",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "2025.08.28",
              "status": "affected",
              "version": "2022.02.28",
              "versionType": "date"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "S35 AI Fisheye\u0026Dual Sensor/Micro Dome/Full Color Eyeball\u0026Bullet Camera",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "2025.08.22",
              "status": "affected",
              "version": "2024.08.10",
              "versionType": "date"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "S35 Thermal Camera",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "2025.08.26",
              "status": "affected",
              "version": "2024.10.21",
              "versionType": "date"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye \u0026amp; Dual Sensor/Micro Dome/Full Color Eyeball \u0026amp; Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye \u0026 Dual Sensor/Micro Dome/Full Color Eyeball \u0026 Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26)."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-22",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-22 Exploiting Trust in Client"
            }
          ]
        },
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-27T15:03:57.602Z",
        "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "shortName": "Honeywell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.honeywell.com/us/en/product-security"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Inadequate access control measure allows unauthorized users to access restricted administrative functions",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
    "assignerShortName": "Honeywell",
    "cveId": "CVE-2025-12351",
    "datePublished": "2025-10-27T15:03:57.602Z",
    "dateReserved": "2025-10-27T14:59:57.822Z",
    "dateUpdated": "2025-10-27T16:04:11.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9074 (GCVE-0-2025-9074)

Vulnerability from cvelistv5 – Published: 2025-08-20 13:28 – Updated: 2026-02-26 17:48
VLAI
Title
Docker Desktop allows unauthenticated access to Docker Engine API from containers
Summary
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
Docker Docker Desktop Affected: 4.25 , < 4.44.3 (semver)
Create a notification for this product.
Credits
Felix Boulet zer0x64 (Philippe Dugre)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9074",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T03:55:22.374847Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:24.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "technical-description"
            ],
            "url": "https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://blog.qwertysecurity.com/Articles/blog3"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-09-25T16:43:01.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://blog.qwertysecurity.com/Articles/blog3.html"
          },
          {
            "url": "https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/"
          },
          {
            "url": "https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-9074-mitigate-docker-desktop-vulnerability"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-9074-detect-docker-desktop-vulnerability"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux",
            "x86",
            "ARM"
          ],
          "product": "Docker Desktop",
          "vendor": "Docker",
          "versions": [
            {
              "lessThan": "4.44.3",
              "status": "affected",
              "version": "4.25",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Felix Boulet"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "zer0x64 (Philippe Dugre)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the \"Expose daemon on tcp://localhost:2375 without TLS\" option enabled.\u003cbr\u003eThis can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the \"Expose daemon on tcp://localhost:2375 without TLS\" option enabled.\nThis can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-20T13:31:13.886Z",
        "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "shortName": "Docker"
      },
      "references": [
        {
          "url": "https://docs.docker.com/desktop/release-notes/#4443"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Docker Desktop allows unauthenticated access to Docker Engine API from containers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
    "assignerShortName": "Docker",
    "cveId": "CVE-2025-9074",
    "datePublished": "2025-08-20T13:28:35.553Z",
    "dateReserved": "2025-08-15T15:08:07.774Z",
    "dateUpdated": "2026-02-26T17:48:24.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8107 (GCVE-0-2025-8107)

Vulnerability from cvelistv5 – Published: 2025-07-24 07:12 – Updated: 2025-07-31 09:10
VLAI
Summary
In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands. This vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
  • CWE-269 - Improper Privilege Management
Assigner
OB
References
Impacted products
Vendor Product Version
OB OceanBase Server Affected: 3.2.4.x , < 3.2.4.8 (rpm)
Affected: 4.2.1 x , < 4.2.1.10 (rpm)
Affected: 4.2.x , < 4.2.5 (rpm)
Affected: 4.3.3.x , < 4.3.3.2 (rpm)
Unaffected: 4.3.4 (rpm)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T13:17:13.783053Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T13:17:17.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Oracle Tenant Mode"
          ],
          "product": "OceanBase Server",
          "vendor": "OB",
          "versions": [
            {
              "lessThan": "3.2.4.8",
              "status": "affected",
              "version": "3.2.4.x",
              "versionType": "rpm"
            },
            {
              "lessThan": "4.2.1.10",
              "status": "affected",
              "version": "4.2.1 x",
              "versionType": "rpm"
            },
            {
              "lessThan": "4.2.5",
              "status": "affected",
              "version": "4.2.x",
              "versionType": "rpm"
            },
            {
              "lessThan": "4.3.3.2",
              "status": "affected",
              "version": "4.3.3.x",
              "versionType": "rpm"
            },
            {
              "status": "unaffected",
              "version": "4.3.4",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn OceanBase\u0027s Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eThis vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected.\u003c/p\u003e"
            }
          ],
          "value": "In OceanBase\u0027s Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands.\n\n\n\n\nThis vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:A/MAC:L/MPR:L/MUI:N/MS:U/MC:L/MI:L/MA:L"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-31T09:10:09.184Z",
        "orgId": "7f247420-63a8-4d59-ac93-d85dd04cd014",
        "shortName": "OB"
      },
      "references": [
        {
          "url": "https://github.com/oceanbase/oceanbase/security"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f247420-63a8-4d59-ac93-d85dd04cd014",
    "assignerShortName": "OB",
    "cveId": "CVE-2025-8107",
    "datePublished": "2025-07-24T07:12:13.878Z",
    "dateReserved": "2025-07-24T07:08:14.587Z",
    "dateUpdated": "2025-07-31T09:10:09.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6788 (GCVE-0-2025-6788)

Vulnerability from cvelistv5 – Published: 2025-07-11 11:09 – Updated: 2025-07-22 15:16
VLAI
Summary
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
Schneider Electric EcoStruxure™ Power Monitoring Expert Affected: 2023 , < All (custom)
Affected: 2023 R2 , < All (custom)
Affected: 2024 , < All (custom)
Affected: 2024 R2 , < All (custom)
Create a notification for this product.
Schneider Electric EcoStruxure™ Power Operation Advanced Reporting and Dashboards Module Affected: 2022 w/ Advanced Reporting Module , < All (custom)
Affected: 2024 w/ Advanced Reporting Module , < All (custom)
Create a notification for this product.
Date Public
2025-07-08 05:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T15:16:21.254303Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-22T15:16:30.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure\u2122 Power Monitoring Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "All",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "All",
              "status": "affected",
              "version": "2023 R2",
              "versionType": "custom"
            },
            {
              "lessThan": "All",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "All",
              "status": "affected",
              "version": "2024 R2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure\u2122 Power Operation Advanced Reporting and Dashboards Module",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "All",
              "status": "affected",
              "version": "2022 w/ Advanced Reporting Module",
              "versionType": "custom"
            },
            {
              "lessThan": "All",
              "status": "affected",
              "version": "2024 w/ Advanced Reporting Module",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-07-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
            }
          ],
          "value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-13T23:18:24.544Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-04.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2025-6788",
    "datePublished": "2025-07-11T11:09:35.038Z",
    "dateReserved": "2025-06-27T12:59:12.591Z",
    "dateUpdated": "2025-07-22T15:16:30.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3651 (GCVE-0-2025-3651)

Vulnerability from cvelistv5 – Published: 2025-04-17 14:58 – Updated: 2025-04-17 19:10
VLAI
Title
Command Injection in iManage Work Desktop for Mac's Agent Service
Summary
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service.  This has been remediated in Work Desktop for Mac version 10.8.2.33.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-346 - Origin Validation Error
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
iManage Work Desktop for Mac Affected: 0 , < 10.8.2.33 (custom)
Create a notification for this product.
Date Public
2025-04-17 13:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3651",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T18:53:38.640700Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T19:10:42.989Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "Work Desktop for Mac",
          "vendor": "iManage",
          "versions": [
            {
              "lessThan": "10.8.2.33",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-04-17T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper Verification of Source of a Communication Channel in Work Desktop for Mac versions 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e0.8.1.46 and earlier\u003c/span\u003e\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis has been remediated in Work Desktop for Mac version 10.8.2.33.\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.\u00a0\n\nThis has been remediated in Work Desktop for Mac version 10.8.2.33."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346 Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-17T15:29:30.056Z",
        "orgId": "5d978718-751a-428d-ac8e-4f9445ebfd11",
        "shortName": "iManage"
      },
      "references": [
        {
          "url": "https://docs.imanage.com/security/CVE-2025-3651.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Command Injection in iManage Work Desktop for Mac\u0027s Agent Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5d978718-751a-428d-ac8e-4f9445ebfd11",
    "assignerShortName": "iManage",
    "cveId": "CVE-2025-3651",
    "datePublished": "2025-04-17T14:58:00.520Z",
    "dateReserved": "2025-04-15T18:23:36.913Z",
    "dateUpdated": "2025-04-17T19:10:42.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-51755 (GCVE-0-2024-51755)

Vulnerability from cvelistv5 – Published: 2024-11-06 19:27 – Updated: 2024-11-07 15:12
VLAI
Title
Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig
Summary
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
twigphp Twig Affected: < 3.11.2
Affected: >= 3.12.0, < 3.14.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T19:44:58.084307Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T19:45:07.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Twig",
          "vendor": "twigphp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.11.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.12.0, \u003c 3.14.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-07T15:12:59.408Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/twigphp/Twig/security/advisories/GHSA-jjxq-ff2g-95vh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-jjxq-ff2g-95vh"
        },
        {
          "name": "https://github.com/twigphp/Twig/commit/831c148e786178e5f2fde9db67266be3bf241c21",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twigphp/Twig/commit/831c148e786178e5f2fde9db67266be3bf241c21"
        }
      ],
      "source": {
        "advisory": "GHSA-jjxq-ff2g-95vh",
        "discovery": "UNKNOWN"
      },
      "title": "Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-51755",
    "datePublished": "2024-11-06T19:27:05.347Z",
    "dateReserved": "2024-10-31T14:12:45.791Z",
    "dateUpdated": "2024-11-07T15:12:59.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-51754 (GCVE-0-2024-51754)

Vulnerability from cvelistv5 – Published: 2024-11-06 19:28 – Updated: 2025-05-29 09:03
VLAI
Title
Unguarded calls to __toString() when nesting an object into an array in Twig
Summary
Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
twigphp Twig Affected: < 3.11.2
Affected: >= 3.12.0, < 3.14.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51754",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T19:40:22.129936Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T19:44:28.082Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-29T09:03:17.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00039.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Twig",
          "vendor": "twigphp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.11.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.12.0, \u003c 3.14.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T19:28:17.553Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6"
        },
        {
          "name": "https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73"
        }
      ],
      "source": {
        "advisory": "GHSA-6377-hfv9-hqf6",
        "discovery": "UNKNOWN"
      },
      "title": "Unguarded calls to __toString() when nesting an object into an array in Twig"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-51754",
    "datePublished": "2024-11-06T19:28:17.553Z",
    "dateReserved": "2024-10-31T14:12:45.791Z",
    "dateUpdated": "2025-05-29T09:03:17.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43704 (GCVE-0-2024-43704)

Vulnerability from cvelistv5 – Published: 2024-11-18 04:54 – Updated: 2024-11-18 13:52
VLAI
Title
GPU DDK - PowerVR: PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are reused
Summary
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
Imagination Technologies Graphics DDK Affected: 1.13 RTM , ≤ 24.2 RTM1 (custom)
Unaffected: 24.2 RTM2 (custom)
Create a notification for this product.
imaginationtech ddk Affected: 1.13_rtm , ≤ 24.2_rtm1 (custom)
Affected: 24.2_rtm
    cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddk",
            "vendor": "imaginationtech",
            "versions": [
              {
                "lessThanOrEqual": "24.2_rtm1",
                "status": "affected",
                "version": "1.13_rtm",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "24.2_rtm"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-43704",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-18T13:52:23.942848Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-18T13:52:26.748Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux",
            "Android"
          ],
          "product": "Graphics DDK",
          "vendor": "Imagination Technologies",
          "versions": [
            {
              "lessThanOrEqual": "24.2 RTM1",
              "status": "affected",
              "version": "1.13 RTM",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "24.2 RTM2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSoftware installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.\u003c/span\u003e"
            }
          ],
          "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-124",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-124 Shared Resource Manipulation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T04:54:20.225Z",
        "orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
        "shortName": "imaginationtech"
      },
      "references": [
        {
          "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GPU DDK - PowerVR: PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are reused",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
    "assignerShortName": "imaginationtech",
    "cveId": "CVE-2024-43704",
    "datePublished": "2024-11-18T04:54:20.225Z",
    "dateReserved": "2024-08-15T08:21:31.533Z",
    "dateUpdated": "2024-11-18T13:52:26.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42350 (GCVE-0-2024-42350)

Vulnerability from cvelistv5 – Published: 2024-08-05 19:47 – Updated: 2024-08-05 20:23
VLAI
Title
Public key confusion in third party block in Biscuit
Summary
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBlock` request can be sent, providing only the necessary info to generate a third-party block and to sign it: 1. the public key of the previous block (used in the signature), 2. the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. Tokens with third-party blocks containing `trusted` annotations generated through a third party block request. This has been addressed in version 4 of the specification. Users are advised to update their implementations to conform. There are no known workarounds for this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42350",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T20:23:26.079868Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:23:35.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "biscuit",
          "vendor": "biscuit-auth",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBlock` request can be sent, providing only the necessary info to generate a third-party block and to sign it: 1. the public key of the previous block (used in the signature), 2. the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. Tokens with third-party blocks containing `trusted` annotations generated through a third party block request. This has been addressed in version 4 of the specification. Users are advised to update their implementations to conform. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-05T19:47:44.903Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/biscuit-auth/biscuit/security/advisories/GHSA-rgqv-mwc3-c78m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/biscuit-auth/biscuit/security/advisories/GHSA-rgqv-mwc3-c78m"
        },
        {
          "name": "https://github.com/biscuit-auth/biscuit/commit/c87cbb5d778964d6574df3e9e6579567cad12fff",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/biscuit-auth/biscuit/commit/c87cbb5d778964d6574df3e9e6579567cad12fff"
        }
      ],
      "source": {
        "advisory": "GHSA-rgqv-mwc3-c78m",
        "discovery": "UNKNOWN"
      },
      "title": "Public key confusion in third party block in Biscuit"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-42350",
    "datePublished": "2024-08-05T19:47:44.903Z",
    "dateReserved": "2024-07-30T14:01:33.922Z",
    "dateUpdated": "2024-08-05T20:23:35.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40725 (GCVE-0-2024-40725)

Vulnerability from cvelistv5 – Published: 2024-07-18 09:32 – Updated: 2025-03-14 17:27
VLAI
Title
Apache HTTP Server: source code disclosure with handlers configured via AddType
Summary
A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache HTTP Server Affected: 2.4.60 , ≤ 2.4.61 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40725",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T17:21:48.954496Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T17:27:57.926Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T13:05:20.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240808-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.61",
              "status": "affected",
              "version": "2.4.60",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA partial fix for\u0026nbsp; CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A partial fix for\u00a0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\n\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-18T09:32:43.929Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-09T09:00:00.000Z",
          "value": "reported"
        }
      ],
      "title": "Apache HTTP Server: source code disclosure with handlers configured via AddType",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-40725",
    "datePublished": "2024-07-18T09:32:43.929Z",
    "dateReserved": "2024-07-09T13:41:31.514Z",
    "dateUpdated": "2025-03-14T17:27:57.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.