Vulnerabilities > Exposure of Resource to Wrong Sphere

DATE CVE VULNERABILITY TITLE RISK
2023-02-27 CVE-2023-26041 Exposure of Resource to Wrong Sphere vulnerability in Nextcloud Talk
Nextcloud Talk is a fully on-premises audio/video and chat communication service.
network
low complexity
nextcloud CWE-668
4.3
2023-02-27 CVE-2023-23501 Exposure of Resource to Wrong Sphere vulnerability in Apple Macos
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2.
local
low complexity
apple CWE-668
5.5
2023-02-27 CVE-2023-27265 Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
network
low complexity
mattermost CWE-668
2.7
2023-02-24 CVE-2022-44310 Exposure of Resource to Wrong Sphere vulnerability in Ecdh Project Ecdh 0.0.0/0.1.0/0.1.1
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
network
low complexity
ecdh-project CWE-668
7.5
2023-02-24 CVE-2023-0481 Exposure of Resource to Wrong Sphere vulnerability in Quarkus
In the RestEasy Reactive implementation of Quarkus, the insecure File.createTempFile() is used in the FileBodyHandler class, which creates temp files with insecure permissions that could be read by a local user.
local
low complexity
quarkus CWE-668
3.3
2023-02-20 CVE-2023-26081 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
network
low complexity
gnome fedoraproject CWE-668
7.5
2023-02-16 CVE-2022-39952 Exposure of Resource to Wrong Sphere vulnerability in Fortinet Fortinac
An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.
network
low complexity
fortinet CWE-668
critical
9.8
2023-02-15 CVE-2023-25192 Exposure of Resource to Wrong Sphere vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPX devices allow User Enumeration through Redfish.
network
low complexity
ami CWE-668
5.3
2023-02-14 CVE-2023-24523 Exposure of Resource to Wrong Sphere vulnerability in SAP Host Agent 7.21/7.22
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable.
local
low complexity
sap CWE-668
8.8
2023-02-11 CVE-2022-34387 Exposure of Resource to Wrong Sphere vulnerability in Dell products
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability.
local
low complexity
dell CWE-668
7.8