Vulnerabilities > Exposure of Resource to Wrong Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-31 | CVE-2019-14905 | Exposure of Resource to Wrong Sphere vulnerability in multiple products A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. | 5.6 |
| 2020-03-16 | CVE-2020-10238 | Exposure of Resource to Wrong Sphere vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.16. | 5.0 |
| 2020-03-11 | CVE-2020-1981 | Exposure of Resource to Wrong Sphere vulnerability in Paloaltonetworks Pan-Os A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. | 7.2 |
| 2020-02-28 | CVE-2019-10805 | Exposure of Resource to Wrong Sphere vulnerability in Sideralis Valib.Js 2.0.0 valib through 2.0.0 allows Internal Property Tampering. | 5.0 |
| 2020-02-17 | CVE-2019-10790 | Exposure of Resource to Wrong Sphere vulnerability in Taffydb Taffy 2.6.2 taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. | 7.5 |
| 2020-02-04 | CVE-2020-8449 | Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Squid before 4.10. | 7.5 |
| 2020-02-04 | CVE-2020-8121 | Exposure of Resource to Wrong Sphere vulnerability in Nextcloud Server A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | 5.5 |
| 2020-01-30 | CVE-2020-7912 | Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. | 5.0 |
| 2020-01-28 | CVE-2019-4633 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Secret Server IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. | 4.3 |
| 2020-01-22 | CVE-2019-10781 | Exposure of Resource to Wrong Sphere vulnerability in Schema-Inspector Project Schema-Inspector In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector. | 7.5 |