Vulnerabilities > Exposure of Resource to Wrong Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-27 | CVE-2021-31154 | Exposure of Resource to Wrong Sphere vulnerability in Pleaseedit Project Pleaseedit pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. | 7.8 |
| 2021-05-26 | CVE-2018-16494 | Exposure of Resource to Wrong Sphere vulnerability in Versa-Networks Versa Operating System 20.2.0/21.1.0 In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. | 8.8 |
| 2021-05-11 | CVE-2021-26309 | Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Teamcity Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions. | 3.3 |
| 2021-05-10 | CVE-2021-21430 | Exposure of Resource to Wrong Sphere vulnerability in Openapi-Generator Openapi Generator OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. | 5.5 |
| 2021-05-10 | CVE-2021-21428 | Exposure of Resource to Wrong Sphere vulnerability in Openapi-Generator Openapi Generator Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. | 7.0 |
| 2021-04-23 | CVE-2021-31410 | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Designer Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. | 7.5 |
| 2021-04-23 | CVE-2021-31407 | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request. | 7.5 |
| 2021-04-23 | CVE-2020-36319 | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow and Vaadin Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. | 6.5 |
| 2021-04-22 | CVE-2021-28168 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. | 5.5 |
| 2021-04-16 | CVE-2021-22539 | Exposure of Resource to Wrong Sphere vulnerability in Google Bazel An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. | 7.8 |