CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1251 vulnerabilities reference this CWE, most recent first.
GHSA-VVRW-6H2V-CMMV
Vulnerability from github – Published: 2023-08-10 15:30 – Updated: 2024-04-04 06:48An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.
{
"affected": [],
"aliases": [
"CVE-2023-38830"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-10T15:15:09Z",
"severity": "HIGH"
},
"details": "An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients\u0027 credit card numbers from the Reservations module.",
"id": "GHSA-vvrw-6h2v-cmmv",
"modified": "2024-04-04T06:48:31Z",
"published": "2023-08-10T15:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38830"
},
{
"type": "WEB",
"url": "https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-2-4fa5e2ccfe2e"
},
{
"type": "WEB",
"url": "https://medium.com/@milfortutz/multiple-vulnerabilities-in-phpjabbers-part-2-4fa5e2ccfe2e"
},
{
"type": "WEB",
"url": "https://www.phpjabbers.com/yacht-listing-script"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VVVP-C6HW-M8PJ
Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2025-09-17 18:31In the Linux kernel, the following vulnerability has been resolved:
net: fix information leakage in /proc/net/ptype
In one net namespace, after creating a packet socket without binding
it to a device, users in other net namespaces can observe the new
packet_type added by this packet socket by reading /proc/net/ptype
file. This is minor information leakage as packet socket is
namespace aware.
Add a net pointer in packet_type to keep the net namespace of
of corresponding packet socket. In ptype_seq_show, this net pointer
must be checked when it is not NULL.
{
"affected": [],
"aliases": [
"CVE-2022-48757"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T12:15:13Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix information leakage in /proc/net/ptype\n\nIn one net namespace, after creating a packet socket without binding\nit to a device, users in other net namespaces can observe the new\n`packet_type` added by this packet socket by reading `/proc/net/ptype`\nfile. This is minor information leakage as packet socket is\nnamespace aware.\n\nAdd a net pointer in `packet_type` to keep the net namespace of\nof corresponding packet socket. In `ptype_seq_show`, this net pointer\nmust be checked when it is not NULL.",
"id": "GHSA-vvvp-c6hw-m8pj",
"modified": "2025-09-17T18:31:14Z",
"published": "2024-06-20T12:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48757"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVWG-MM2Q-WVGR
Vulnerability from github – Published: 2022-04-29 00:00 – Updated: 2022-05-06 00:00In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
{
"affected": [],
"aliases": [
"CVE-2022-29820"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-28T10:15:00Z",
"severity": "LOW"
},
"details": "In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible",
"id": "GHSA-vvwg-mm2q-wvgr",
"modified": "2022-05-06T00:00:55Z",
"published": "2022-04-29T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29820"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VW2X-RP6V-F32F
Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-16 00:00VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
{
"affected": [],
"aliases": [
"CVE-2022-31673"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-10T20:15:00Z",
"severity": "HIGH"
},
"details": "VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.",
"id": "GHSA-vw2x-rp6v-f32f",
"modified": "2022-08-16T00:00:24Z",
"published": "2022-08-11T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31673"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW84-HPRM-CXMM
Vulnerability from github – Published: 2025-10-31 21:24 – Updated: 2025-10-31 21:24Impact
Under certain conditions (under high concurrency), when session_state is passed to an Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user.
Patches
This has been patched in version 2.2.2. Upgrade with pip install -U agno.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "agno"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-64168"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-31T21:24:53Z",
"nvd_published_at": "2025-10-31T15:15:43Z",
"severity": "HIGH"
},
"details": "### Impact\nUnder certain conditions (under high concurrency), when `session_state` is passed to an Agent or Team during run or arun calls, a race condition can occur, causing a `session_state` to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user.\n\n### Patches\nThis has been patched in version 2.2.2. Upgrade with `pip install -U agno`.",
"id": "GHSA-vw84-hprm-cxmm",
"modified": "2025-10-31T21:24:53Z",
"published": "2025-10-31T21:24:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/agno-agi/agno/security/advisories/GHSA-vw84-hprm-cxmm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64168"
},
{
"type": "PACKAGE",
"url": "https://github.com/agno-agi/agno"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Agno session state overwrites between different sessions/users"
}
GHSA-VWFH-HRM2-8Q9H
Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2022-08-20 00:00Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
{
"affected": [],
"aliases": [
"CVE-2022-25986"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-18T08:15:00Z",
"severity": "MODERATE"
},
"details": "Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.",
"id": "GHSA-vwfh-hrm2-8q9h",
"modified": "2022-08-20T00:00:57Z",
"published": "2022-08-19T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25986"
},
{
"type": "WEB",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VWXH-HR5C-V523
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
{
"affected": [],
"aliases": [
"CVE-2021-27043"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-25T13:15:00Z",
"severity": "MODERATE"
},
"details": "An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.",
"id": "GHSA-vwxh-hr5c-v523",
"modified": "2022-05-24T19:06:19Z",
"published": "2022-05-24T19:06:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27043"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-470"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VX2P-M3J3-FJ93
Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-06-02 00:00A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2021-26361"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-12T18:16:00Z",
"severity": "MODERATE"
},
"details": "A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.",
"id": "GHSA-vx2p-m3j3-fj93",
"modified": "2022-06-02T00:00:26Z",
"published": "2022-05-13T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26361"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VXF8-WWPW-PHXG
Vulnerability from github – Published: 2023-05-12 12:30 – Updated: 2024-03-21 03:35An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer.
{
"affected": [],
"aliases": [
"CVE-2023-29820"
],
"database_specific": {
"cwe_ids": [
"CWE-552",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-12T11:15:12Z",
"severity": "MODERATE"
},
"details": "An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer.",
"id": "GHSA-vxf8-wwpw-phxg",
"modified": "2024-03-21T03:35:15Z",
"published": "2023-05-12T12:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29820"
},
{
"type": "WEB",
"url": "https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere"
},
{
"type": "WEB",
"url": "http://secureanywhere.com"
},
{
"type": "WEB",
"url": "http://webroot.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VXJH-JV72-7244
Vulnerability from github – Published: 2023-08-31 18:30 – Updated: 2023-08-31 18:30Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
{
"affected": [],
"aliases": [
"CVE-2023-41745"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-31T18:15:09Z",
"severity": "MODERATE"
},
"details": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.",
"id": "GHSA-vxjh-jv72-7244",
"modified": "2023-08-31T18:30:28Z",
"published": "2023-08-31T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41745"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-2008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.