Vulnerabilities > Exposure of Resource to Wrong Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-29 | CVE-2020-11934 | Exposure of Resource to Wrong Sphere vulnerability in Canonical Ubuntu Linux It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. | 5.9 |
| 2020-07-17 | CVE-2020-15816 | Exposure of Resource to Wrong Sphere vulnerability in Westerndigital WD Discovery In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. | 8.8 |
| 2020-07-15 | CVE-2020-14064 | Exposure of Resource to Wrong Sphere vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | 6.5 |
| 2020-06-29 | CVE-2020-12020 | Exposure of Resource to Wrong Sphere vulnerability in Baxter Em1200 Firmware and Em2400 Firmware Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. | 6.1 |
| 2020-06-24 | CVE-2020-10271 | Exposure of Resource to Wrong Sphere vulnerability in multiple products MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-668 critical | 9.8 |
| 2020-06-19 | CVE-2019-20853 | Exposure of Resource to Wrong Sphere vulnerability in Mattermost Packages An issue was discovered in Mattermost Packages before 5.16.3. | 9.8 |
| 2020-06-01 | CVE-2020-9291 | Exposure of Resource to Wrong Sphere vulnerability in Fortinet Forticlient An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | 7.8 |
| 2020-05-27 | CVE-2020-6774 | Exposure of Resource to Wrong Sphere vulnerability in Bosch Recording Station Firmware Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | 8.8 |
| 2020-05-21 | CVE-2020-6490 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. | 4.3 |
| 2020-05-15 | CVE-2020-11931 | Exposure of Resource to Wrong Sphere vulnerability in multiple products An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. | 3.3 |