CWE-642
External Control of Critical State Data
Exploit likelihood: High
The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.
16 vulnerabilities with CWE-642
CVE-2026-29146 (HIGH, CVSS 7.5): Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default
CVE-2025-26787 (MEDIUM, CVSS 4.7): Keyfactor SignServer <7.2 - Privilege Escalation
CVE-2025-49090 (HIGH, CVSS 7.1): Matrix specification < 1.16 - External Control of Critical State Data
CVE-2025-54566 (MEDIUM, CVSS 4.2): QEMU < 10.0.3 - Migration State Inconsistency in PCIe SRIOV
CVE-2024-58265 (LOW, CVSS 3.1): snow < 0.9.5 - Denial of Service via Nonce Manipulation
CVE-2024-8754 (MEDIUM, CVSS 6.4): GitLab EE/CE <17.1.7-17.3.2 - Info Disclosure
CVE-2024-22387 (MEDIUM, CVSS 6.8): Gallagher Controller 6000/7000 <8.60, 8.70-8.90, 9.00-9.10 - Authenticated External Control of Critical State Data
CVE-2023-0575 (HIGH, CVSS 7.2): Yugabyte DB <2.2.0.0 - Code Injection
CVE-2022-32859 (MEDIUM, CVSS 5.3): iPhone OS < 16.0 - Deleted Contact Information Exposure via Spotlight Search
CVE-2022-22154 (MEDIUM, CVSS 6.8): Juniper Junos 16.1R1-18.4R3, 19.1-19.1R3, 19.2-19.2R3 - Denial of Service via Satellite Device Cabling Manipulation
CVE-2020-27872 (HIGH, CVSS 8.8): NETGEAR R7450 <1.2.0.62_1.0.1 - Auth Bypass
CVE-2020-26186 (MEDIUM, CVSS 6.8): Dell Inspiron 5675 <1.4.1 - Code Injection
CVE-2020-1976 (MEDIUM, CVSS 4.7): GlobalProtect 5.0-5.0.5 - Authenticated Denial of Service
CVE-2019-9496 (HIGH, CVSS 7.5): hostapd and wpa_supplicant < 2.7 - Denial of Service via SAE Confirm Message
CVE-2018-15382 (HIGH, CVSS 8.6): Cisco HyperFlex HX Data Platform - Unauthenticated Session Token Generation via Static Signing Key
CVE-2017-0928 (MEDIUM, CVSS 6.1): html-janitor - Sanitization Bypass via _sanitized Variable
Details
Vulnerabilities: 16
Exploit likelihood: High