Vulnerabilities > Exposure of Resource to Wrong Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-15 | CVE-2017-0215 | Exposure of Resource to Wrong Sphere vulnerability in Microsoft Windows 10 and Windows Server 2016 Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | 4.6 |
| 2017-05-15 | CVE-2017-7490 | Exposure of Resource to Wrong Sphere vulnerability in Moodle In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | 5.0 |
| 2017-05-02 | CVE-2017-8418 | Exposure of Resource to Wrong Sphere vulnerability in Rubocop Project Rubocop RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users. | 2.1 |
| 2017-04-17 | CVE-2017-5648 | Exposure of Resource to Wrong Sphere vulnerability in Apache Tomcat While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. | 9.1 |
| 2017-02-23 | CVE-2017-6100 | Exposure of Resource to Wrong Sphere vulnerability in Tcpdf Project Tcpdf tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | 5.0 |
| 2017-02-09 | CVE-2017-5634 | Exposure of Resource to Wrong Sphere vulnerability in Norwegian-Air Norwegian AIR Kiosk The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog. | 7.2 |
| 2016-12-29 | CVE-2016-5334 | Exposure of Resource to Wrong Sphere vulnerability in VMWare Identity Manager and Vrealize Automation VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | 5.0 |
| 2016-07-15 | CVE-2016-5787 | Exposure of Resource to Wrong Sphere vulnerability in GE Cimplicity General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | 4.6 |
| 2012-03-22 | CVE-2012-1846 | Exposure of Resource TO Wrong Sphere vulnerability in Google Chrome Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. | 10.0 |
| 2011-08-10 | CVE-2011-1960 | Exposure of Resource to Wrong Sphere vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." | 4.3 |