CWE-668— Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.— MITRE CWE catalog
1,109 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-668page 18 of 23
- CVE-2023-21536MEDIUMCVSS 4.7EG 4.72023-01-10
Event Tracing for Windows Information Disclosure Vulnerability
- CVE-2023-21611HIGHCVSS 7.8EG 7.82023-01-18
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in pri…
- CVE-2023-21687MEDIUMCVSS 5.5EG 5.52023-02-14
HTTP.sys Information Disclosure Vulnerability
- CVE-2023-21714MEDIUMCVSS 5.5EG 5.52023-02-14
Microsoft Office Information Disclosure Vulnerability
- CVE-2023-22307MEDIUMCVSS 5.5EG 5.52023-04-18
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files.
- CVE-2023-22497MEDIUMCVSS 6.5EG 6.52023-01-14
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it w…
- CVE-2023-22775MEDIUMCVSS 6.5EG 6.52023-03-01
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privile…
- CVE-2023-22777MEDIUMCVSS 4.9EG 6.52023-03-01
An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
- CVE-2023-22892HIGHCVSS 7.5EG 7.52023-03-08
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
- CVE-2023-23394MEDIUMCVSS 5.5EG 5.52023-03-14
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
- CVE-2023-23409MEDIUMCVSS 5.5EG 5.52023-03-14
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
- CVE-2023-23448MEDIUMCVSS 5.3EG 5.32023-05-15
Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis o…
- CVE-2023-23501MEDIUMCVSS 5.5EG 5.52023-02-27
The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory.
- CVE-2023-24523HIGHCVSS 8.8EG 8.82023-02-14
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command …
- CVE-2023-24567HIGHCVSS 7.5EG 6.52023-03-01
Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attack…
- CVE-2023-24863MEDIUMCVSS 6.5EG 6.52023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
- CVE-2023-24866MEDIUMCVSS 6.5EG 6.52023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
- CVE-2023-24870MEDIUMCVSS 6.5EG 6.52023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
- CVE-2023-24906MEDIUMCVSS 6.5EG 6.52023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
- CVE-2023-24965MEDIUMCVSS 5.8EG 5.82023-09-08
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.
- CVE-2023-25192MEDIUMCVSS 5.3EG 5.32023-02-15
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.
- CVE-2023-25409HIGHCVSS 8.1EG 8.12023-04-11
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.
- CVE-2023-25536MEDIUMCVSS 6.7EG 6.72023-03-02
Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system …
- CVE-2023-25544HIGHCVSS 7.5EG 6.52023-03-01
Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific a…
- CVE-2023-25750MEDIUMCVSS 4.3EG 4.32023-06-02
Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.
- CVE-2023-25802HIGHCVSS 7.5EG 7.52023-03-13
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information…
- CVE-2023-25954MEDIUMCVSS 5.5EG 5.52023-04-13
KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the vi…
- CVE-2023-26041LOWCVSS 2.6EG 2.62023-02-27
Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. I…
- CVE-2023-26081HIGHCVSS 7.5EG 7.52023-02-20
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
- CVE-2023-2622LOWCVSS 2.7EG 2.72023-11-01
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have …
- CVE-2023-26243HIGHCVSS 7.8EG 7.82023-04-27
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and ini…
- CVE-2023-26458MEDIUMCVSS 6.8EG 8.72023-04-11
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems …
- CVE-2023-26588HIGHCVSS 7.5EG 7.52023-04-11
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GS…
- CVE-2023-2703HIGHCVSS 7.5EG 7.62023-05-23
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Manage…
- CVE-2023-27265LOWCVSS 2.7EG 2.72023-02-27
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
- CVE-2023-27564HIGHCVSS 7.5EG 7.52023-05-10
The n8n package 0.218.0 for Node.js allows Information Disclosure.
- CVE-2023-27976HIGHCVSS 8.8EG 8.82023-04-18
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert (V15.…
- CVE-2023-2820MEDIUMCVSS 6.1EG 6.12023-06-14
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in…
- CVE-2023-28336MEDIUMCVSS 4.3EG 4.32023-03-23
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
- CVE-2023-28344HIGHCVSS 7.1EG 7.12023-05-31
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on b…
- CVE-2023-28433HIGHCVSS 8.8EG 8.82023-03-22
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a res…
- CVE-2023-2916HIGHCVSS 7.5EG 5.32023-08-15
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions o…
- CVE-2023-29192LOWCVSS 2.7EG 2.72023-04-10
SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.
- CVE-2023-29203LOWCVSS 3.7EG 3.72023-04-15
XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgs…
- CVE-2023-29208HIGHCVSS 7.5EG 7.52023-04-15
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that…
- CVE-2023-29355MEDIUMCVSS 5.3EG 5.32023-06-14
DHCP Server Service Information Disclosure Vulnerability
- CVE-2023-29403HIGHCVSS 7.8EG 7.82023-06-08
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descript…
- CVE-2023-29538MEDIUMCVSS 4.3EG 5.32023-06-02
Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affe…
- CVE-2023-29820MEDIUMCVSS 5.5EG 5.52023-05-12
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulner…
- CVE-2023-30802MEDIUMCVSS 5.3EG 5.32023-10-10
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Lengt…
Map vulnerabilities like CWE-668 to your infrastructure
EchelonGraph correlates every CVE — across CWE-668 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →