CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

257 vulnerabilities with CWE-829
CVE-2019-10666 HIGH
LibreNMS < 1.47 - Local File Inclusion via Directory Traversal in Dynamic Script Include
CVSS 8.1
CVE-2019-5479 HIGH
larvitbase-api < v0.5.5 - Info Disclosure
CVSS 7.5
CVE-2019-15839 HIGH
Sina-Extension-For-Elementor <2.2.1 - Local File Inclusion
CVSS 7.5
CVE-2019-13589 CRITICAL
paranoid2 gem <1.1.6 - Code Injection
CVSS 9.8
CVE-2019-4263 MEDIUM
IBM Content Navigator <3.0CD - Local File Inclusion
CVSS 4.3
CVE-2019-11770 HIGH
Eclipse Buildship <3.1.1 - Info Disclosure
CVSS 8.1
CVE-2019-10249 HIGH
Xtext & Xtend <2.18.0 - Info Disclosure
CVSS 8.1
CVE-2019-11591 HIGH
WebDorado Contact Form <1.13.5 - CSRF
CVSS 8.8
CVE-2019-11590 HIGH
10Web Form Maker < 1.13.5 - Cross-Site Request Forgery and Local File Inclusion via Admin-Ajax Action Parameter
CVSS 8.8
CVE-2019-10248 HIGH
Eclipse Vorto <0.11 - Info Disclosure
CVSS 8.1
CVE-2019-10240 HIGH
Eclipse hawkBit < 0.3.0M2 - Cleartext Transmission of Sensitive Information via Maven Build Artifacts
CVSS 8.1
CVE-2019-9829 HIGH
Maccms 10 - Remote Code Execution via Template Cache File Inclusion
CVSS 8.8
CVE-2018-17246 CRITICAL
Kibana <6.4.3, 5.6.13 - Code Injection
CVSS 9.8
CVE-2018-12120 HIGH
Node.js 6.0.0-6.14.9 - Remote Code Execution via Debugger Port
CVSS 8.1
CVE-2018-18387 HIGH
playSMS < 1.4.2 - Privilege Escalation via Daemon Abuse
CVSS 8.8
CVE-2018-15486 CRITICAL
KONE Group Controller <4.6.5 - Local File Inclusion
CVSS 9.1
CVE-2018-8351 MEDIUM
Microsoft Browser < - Info Disclosure
CVSS 6.5
CVE-2018-1000502 HIGH
MyBB < 1.8.15 - Authenticated Local File Inclusion via Task Manager
CVSS 7.2
CVE-2018-11040 HIGH
Spring Framework <5.0.7 & <4.3.18 - XSS
CVSS 7.5
CVE-2018-1122 HIGH
procps-ng <3.3.15 - Privilege Escalation
CVSS 7.3
CVE-2018-7422 HIGH
Site Editor < 1.1.1 - Local File Inclusion via ajax_path Parameter
CVSS 7.5
CVE-2017-5397 CRITICAL
Firefox < 51.0.3 - Untrusted Library Loading via World-Writable Cache Directory
CVSS 9.8
CVE-2017-14095 HIGH
Trend Micro Smart Protection Server <3.2 - RCE
CVSS 8.1
CVE-2017-1376 CRITICAL
IBM Operations Analytics Predictive Insights - Privilege Escalation via J9 VM Class Verifier Bypass
CVSS 9.8
CVE-2017-6381 HIGH
Drupal < 8.2.2 - Remote Code Execution via Third-Party Development Library
CVSS 8.1