CWE-642

High likelihood

External Control of Critical State Data

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.

15 vulnerabilities with CWE-642
CVE-2025-26787 MEDIUM
Keyfactor SignServer <7.2 - Privilege Escalation
CVSS 4.7
CVE-2025-49090 HIGH
Matrix <1.16 - Info Disclosure
CVSS 7.1
CVE-2024-58265 LOW
Snow Crate <0.9.5 - DoS
CVSS 3.1
CVE-2025-54566 MEDIUM
QEMU <10.0.3 - Info Disclosure
CVSS 4.2
CVE-2024-8754 MEDIUM
GitLab EE/CE <17.1.7-17.3.2 - Info Disclosure
CVSS 6.4
CVE-2024-22387 MEDIUM
Gallagher - Info Disclosure
CVSS 6.8
CVE-2023-0575 HIGH
Yugabyte DB <2.2.0.0 - Code Injection
CVSS 7.2
CVE-2022-32859 MEDIUM
iOS <16 - Info Disclosure
CVSS 5.3
CVE-2022-22154 MEDIUM
Juniper Networks Junos OS - DoS
CVSS 6.8
CVE-2020-27872 HIGH
NETGEAR R7450 <1.2.0.62_1.0.1 - Auth Bypass
CVSS 8.8
CVE-2020-26186 MEDIUM
Dell Inspiron 5675 <1.4.1 - Code Injection
CVSS 6.8
CVE-2020-1976 MEDIUM
Palo Alto Networks GlobalProtect <5.0.5 - DoS
CVSS 4.7
CVE-2019-9496 HIGH
hostapd <2.8 - DoS
CVSS 7.5
CVE-2018-15382 HIGH
Cisco HyperFlex Software - SSRF
CVSS 8.6
CVE-2017-0928 MEDIUM
html-janitor - Code Injection
CVSS 6.1