Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-MC25-V4MW-CVR9

Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39980"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-03T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure.",
  "id": "GHSA-mc25-v4mw-cvr9",
  "modified": "2022-07-13T00:01:39Z",
  "published": "2022-01-04T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39980"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202110-0000001162998526"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MC5P-GX9G-CGP5

Vulnerability from github – Published: 2022-05-11 00:00 – Updated: 2025-01-02 21:31
VLAI
Details

Windows Server Service Information Disclosure Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-10T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Windows Server Service Information Disclosure Vulnerability.",
  "id": "GHSA-mc5p-gx9g-cgp5",
  "modified": "2025-01-02T21:31:33Z",
  "published": "2022-05-11T00:00:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26936"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26936"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26936"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MC7V-26CQ-J49V

Vulnerability from github – Published: 2021-12-16 00:02 – Updated: 2022-05-24 00:00
VLAI
Details

Windows Common Log File System Driver Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43224"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Windows Common Log File System Driver Information Disclosure Vulnerability",
  "id": "GHSA-mc7v-26cq-j49v",
  "modified": "2022-05-24T00:00:46Z",
  "published": "2021-12-16T00:02:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43224"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43224"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MC9M-F6J8-4J47

Vulnerability from github – Published: 2023-10-11 12:30 – Updated: 2024-04-04 08:33
VLAI
Details

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-11T12:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.",
  "id": "GHSA-mc9m-f6j8-4j47",
  "modified": "2024-04-04T08:33:49Z",
  "published": "2023-10-11T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44102"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/10"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MCRX-HFRQ-XQ94

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-08 00:00
VLAI
Details

Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.",
  "id": "GHSA-mcrx-hfrq-xq94",
  "modified": "2022-10-08T00:00:17Z",
  "published": "2022-10-07T18:15:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39857"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MFW9-VJXF-GVR8

Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30
VLAI
Details

Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1327",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T18:16:35Z",
    "severity": "MODERATE"
  },
  "details": "Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.",
  "id": "GHSA-mfw9-vjxf-gvr8",
  "modified": "2026-02-10T18:30:42Z",
  "published": "2026-02-10T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21528"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MG9R-PCRH-RR7F

Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08
VLAI
Details

An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-14T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.",
  "id": "GHSA-mg9r-pcrh-rr7f",
  "modified": "2024-04-04T06:08:42Z",
  "published": "2023-07-14T18:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32759"
    },
    {
      "type": "WEB",
      "url": "https://www.archerirm.community/t5/product-advisories/archer-announces-availability-of-archer-release-6-13/ta-p/697821"
    },
    {
      "type": "WEB",
      "url": "https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MGG2-P2X6-83VP

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-07-13 00:01
VLAI
Details

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-19T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.",
  "id": "GHSA-mgg2-p2x6-83vp",
  "modified": "2022-07-13T00:01:24Z",
  "published": "2022-05-24T19:17:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30828"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212804"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212805"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MH3F-2XWC-5R5J

Vulnerability from github – Published: 2023-06-14 00:30 – Updated: 2024-04-04 04:48
VLAI
Details

Windows Kernel Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-14T00:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Windows Kernel Information Disclosure Vulnerability",
  "id": "GHSA-mh3f-2xwc-5r5j",
  "modified": "2024-04-04T04:48:58Z",
  "published": "2023-06-14T00:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32019"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/173310/Windows-Kernel-KTM-Registry-Transactions-Non-Atomic-Outcomes.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MH3H-5C5W-CQH9

Vulnerability from github – Published: 2022-05-05 00:29 – Updated: 2024-04-03 23:57
VLAI
Details

Monkey HTTP Daemon has local security bypass

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-2183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-10T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Monkey HTTP Daemon has local security bypass",
  "id": "GHSA-mh3h-5c5w-cqh9",
  "modified": "2024-04-03T23:57:36Z",
  "published": "2022-05-05T00:29:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2183"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-2183"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/bid/60589"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/06/14/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/06/14/13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.