CWE-402 23 個 CVE MITRE 定義 ↗

CWE-402:Transmission of Private Resources into a New Sphere ('Resource Leak')

概覽

CWE-402(Transmission of Private Resources into a New Sphere ('Resource Leak'))描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2025-67745 2025-12-18 MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryptio…
CVE-2024-32388 2025-12-01 Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based se…
CVE-2025-66422 2025-11-29 Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
CVE-2025-55014 2025-08-04 The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.
CVE-2025-49618 2025-07-03 In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.
CVE-2025-52925 2025-07-02 In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812.
CVE-2025-48383 2025-05-27 Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access …
CVE-2025-32360 2025-04-05 In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared dra…
CVE-2025-29925 2025-03-19 XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user does…
CVE-2025-0502 2025-01-15 Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.Th…
CVE-2024-47146 2024-12-06 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.
CVE-2024-29900 2024-03-29 Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js hea…
CVE-2024-0443 2024-01-11 A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is on…
CVE-2023-38509 2023-11-06 XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation con…
CVE-2022-3596 2023-09-20 An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leadi…
CVE-2023-4569 2023-08-28 A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, w…
CVE-2023-34467 2023-06-23 XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account…
CVE-2022-30231 2022-06-14 A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticat…
CVE-2021-23264 2021-12-02 Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.
CVE-2021-23263 2021-12-02 Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).

曾用名

  • Resource Leaks (2008-04-11)
  • Transmission of Private Resources into a New Sphere (aka 'Resource Leak') (2009-05-27)

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Name
2011-03-29 CWE Content Team 1.12 updated Alternate_Terms
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence