Vulnerabilities > Exposure of Resource to Wrong Sphere

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-1438 Exposure of Resource to Wrong Sphere vulnerability in Cisco Wide Area Application Services
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device.
local
low complexity
cisco CWE-668
5.5
2021-04-23 CVE-2021-31410 Exposure of Resource to Wrong Sphere vulnerability in Vaadin Designer
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
network
low complexity
vaadin CWE-668
5.0
2021-04-23 CVE-2021-31407 Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.
network
low complexity
vaadin CWE-668
5.0
2021-04-23 CVE-2020-36319 Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow and Vaadin
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g.
network
vaadin CWE-668
3.5
2021-04-22 CVE-2021-28168 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability.
local
low complexity
eclipse oracle CWE-668
5.5
2021-04-16 CVE-2021-22539 Exposure of Resource to Wrong Sphere vulnerability in Google Bazel
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable.
local
low complexity
google CWE-668
7.8
2021-04-09 CVE-2021-25364 Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
local
low complexity
google CWE-668
3.3
2021-04-09 CVE-2021-25357 Exposure of Resource to Wrong Sphere vulnerability in Google Android 8.1/9.0
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.
local
low complexity
google CWE-668
2.1
2021-03-25 CVE-2020-10581 Exposure of Resource to Wrong Sphere vulnerability in Invigo Automatic Device Management
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application.
network
low complexity
invigo CWE-668
5.0
2021-03-25 CVE-2021-25352 Exposure of Resource to Wrong Sphere vulnerability in Samsung Bixby Voice
Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.
local
low complexity
samsung CWE-668
4.6