Vulnerabilities > Exposure of Resource to Wrong Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-27 | CVE-2021-22118 | Exposure of Resource to Wrong Sphere vulnerability in multiple products. In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | 7.8 |
2021-05-27 | CVE-2008-2544 | Exposure of Resource to Wrong Sphere vulnerability in Linux Kernel. Mounting the /proc filesystem via the chroot command silently mounts it in read-write mode. | 5.5 |
2021-05-27 | CVE-2021-31154 | Exposure of Resource to Wrong Sphere vulnerability in Pleaseedit Project Pleaseedit. pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. | 7.8 |
2021-05-26 | CVE-2018-16494 | Exposure of Resource to Wrong Sphere vulnerability in Versa-Networks Versa Operating System 20.2.0/21.1.0. In VOS, an overly permissive "umask" may allow authorized users of the server to gain unauthorized access through insecure file permissions, which can result in arbitrary read, write, or execution of newly created files and directories. | 8.8 |
2021-05-11 | CVE-2021-26309 | Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Teamcity. Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had insecure permissions. | 3.3 |
2021-05-10 | CVE-2021-21430 | Exposure of Resource to Wrong Sphere vulnerability in Openapi-Generator Openapi Generator. OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. | 5.5 |
2021-05-10 | CVE-2021-21428 | Exposure of Resource to Wrong Sphere vulnerability in Openapi-Generator Openapi Generator. OpenAPI Generator is a Java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. | 7.0 |
2021-04-23 | CVE-2021-31410 | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Designer. Overly relaxed configuration of the frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via a crafted HTTP request. | 7.5 |
2021-04-23 | CVE-2021-31407 | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow. A vulnerability in the OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows an attacker to access application classes and resources on the server via a crafted HTTP request. | 7.5 |
2021-04-23 | CVE-2020-36319 | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow and Vaadin. Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. | 6.5 |