Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1252 vulnerabilities reference this CWE, most recent first.

GHSA-X9RP-8J88-VH76

Vulnerability from github – Published: 2024-02-27 12:31 – Updated: 2024-04-10 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

binder: fix async_free_space accounting for empty parcels

In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space") fixed a kernel structure visibility issue. As part of that patch, sizeof(void *) was used as the buffer size for 0-length data payloads so the driver could detect abusive clients sending 0-length asynchronous transactions to a server by enforcing limits on async_free_size.

Unfortunately, on the "free" side, the accounting of async_free_space did not add the sizeof(void *) back. The result was that up to 8-bytes of async_free_space were leaked on every async transaction of 8-bytes or less. These small transactions are uncommon, so this accounting issue has gone undetected for several years.

The fix is to use "buffer_size" (the allocated buffer size) instead of "size" (the logical buffer size) when updating the async_free_space during the free operation. These are the same except for this corner case of asynchronous transactions with payloads < 8 bytes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T10:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless.  These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads \u003c 8 bytes.",
  "id": "GHSA-x9rp-8j88-vh76",
  "modified": "2024-04-10T18:30:47Z",
  "published": "2024-02-27T12:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46935"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XC2Q-PRRJ-8CP6

Vulnerability from github – Published: 2023-06-14 00:30 – Updated: 2024-04-04 04:48
VLAI
Details

Windows Installer Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-14T00:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Windows Installer Information Disclosure Vulnerability",
  "id": "GHSA-xc2q-prrj-8cp6",
  "modified": "2024-04-04T04:48:53Z",
  "published": "2023-06-14T00:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32016"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCJR-GM58-GW5Q

Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2023-08-08 15:31
VLAI
Details

The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "HIGH"
  },
  "details": "The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.",
  "id": "GHSA-xcjr-gm58-gw5q",
  "modified": "2023-08-08T15:31:31Z",
  "published": "2022-01-11T00:01:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40005"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCX2-X6F7-987C

Vulnerability from github – Published: 2022-05-13 01:39 – Updated: 2022-05-13 01:39
VLAI
Details

Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-15T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.",
  "id": "GHSA-xcx2-x6f7-987c",
  "modified": "2022-05-13T01:39:49Z",
  "published": "2022-05-13T01:39:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0215"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0215"
    },
    {
      "type": "WEB",
      "url": "https://posts.specterops.io/umci-bypass-using-psworkflowutility-cve-2017-0215-71c76c1588f9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98879"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038669"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XF2W-RWCJ-Q83W

Vulnerability from github – Published: 2022-12-28 21:30 – Updated: 2023-01-06 21:30
VLAI
Details

A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-28T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.",
  "id": "GHSA-xf2w-rwcj-q83w",
  "modified": "2023-01-06T21:30:42Z",
  "published": "2022-12-28T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4817"
    },
    {
      "type": "WEB",
      "url": "https://github.com/centic9/jgit-cookbook/pull/86"
    },
    {
      "type": "WEB",
      "url": "https://github.com/centic9/jgit-cookbook/commit/b8cb29b43dc704708d598c60ac1881db7cf8e9c3"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.216988"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.216988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XFCW-6C56-RP9P

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-08-13 00:00
VLAI
Details

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25352"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-25T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.",
  "id": "GHSA-xfcw-6c56-rp9p",
  "modified": "2022-08-13T00:00:33Z",
  "published": "2022-05-24T17:45:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25352"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XG48-JQ9V-2X5F

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-12 12:00
VLAI
Details

Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "LOW"
  },
  "details": "Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.",
  "id": "GHSA-xg48-jq9v-2x5f",
  "modified": "2022-10-12T12:00:21Z",
  "published": "2022-10-07T18:15:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39860"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XG6V-XH9G-65CV

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:12
VLAI
Details

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-07T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device\u0027s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults\u0026src=RA reset and using the default credentials to get in.",
  "id": "GHSA-xg6v-xh9g-65cv",
  "modified": "2024-04-04T01:12:47Z",
  "published": "2022-05-24T16:49:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13379"
    },
    {
      "type": "WEB",
      "url": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=X1PY7kMFkVg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XGC4-84F6-P6XR

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02
VLAI
Details

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-29T09:59:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.",
  "id": "GHSA-xgc4-84f6-p6xr",
  "modified": "2022-05-13T01:02:39Z",
  "published": "2022-05-13T01:02:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5334"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94482"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037326"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XGQ6-2343-XVCM

Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2023-08-08 15:31
VLAI
Details

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40288"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames",
  "id": "GHSA-xgq6-2343-xvcm",
  "modified": "2023-08-08T15:31:24Z",
  "published": "2021-12-08T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40288"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.