CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

257 vulnerabilities with CWE-829
CVE             Severity  CVSS  Title
CVE-2023-36609  HIGH      7.2   Ovarro TBox Firmware < 1.50.598 - Unauthenticated Remote Code Execution via OpenVPN Configuration Script
CVE-2023-2249   HIGH      8.8   wpForo Forum < 2.1.7 - Authenticated Local File Include and Server-Side Request Forgery via file_get_contents
CVE-2023-2551   HIGH      8.8   bumsys < 2.1.1 - Remote File Inclusion
CVE-2023-26053  MEDIUM    6.6   Gradle 6.2.0-6.9.3 - Dependency Verification Bypass via PGP Long ID Collision
CVE-2023-21440  MEDIUM    6.2   Samsung Android - Unauthorized Screen Capture via WindowManagerService
CVE-2022-49042  HIGH      7.8   Synology Hyper Backup Explorer < 3.0.1-0156 - Inclusion of Functionality from Untrusted Control Sphere
CVE-2022-49036  HIGH      7.8   Synology Active Backup For Business Recovery Media Creator < 2.5.0-2081 - Inclusion of Functionality from Untrusted Control Sphere
CVE-2022-49038  HIGH      7.8   Synology Drive Client < 3.3.0-15082 - RCE
CVE-2022-31021  LOW       3.3   Hyperledger Ursa < 0.3 - Inclusion of Functionality from Untrusted Control Sphere
CVE-2022-46302  HIGH      8.8   Checkmk <= 2.1.0p6, <= 2.0.0p27, 1.6.0 - Remote Code Execution via Apache Reverse Proxy Configuration
CVE-2022-30037  HIGH      7.2   xunruicms 4.3.3-4.5.1 - Arbitrary PHP File Write and Inclusion via Cron Add Function
CVE-2022-4134   LOW       2.8   openstack-glance - Privilege Escalation
CVE-2022-41216  HIGH      8.3   Cloudflow 2.0.0-2.3.1 - Local File Inclusion via Path Traversal
CVE-2022-24119  CRITICAL  9.8   General Electric Renewable Energy < 8.3.0 - Unauthenticated RCE
CVE-2022-34468  HIGH      8.8   Firefox < 102.0 and Firefox ESR < 91.11 - Script Execution via JavaScript Link Click
CVE-2022-41709  HIGH      7.8   markdownify 1.4.1 - Remote Code Execution via Malicious Markdown File
CVE-2022-22246  HIGH      7.5   Juniper Networks Junos OS < 19.1R3-S9, < 19.2R3-S6, < 19.3 - LFI
CVE-2022-37191  MEDIUM    6.5   CuppaCMS v1.0 - Authenticated Local File Inclusion via Function Parameter
CVE-2022-34121  HIGH      7.5   Cuppa CMS v1.0 - Local File Inclusion
CVE-2022-33317  HIGH      7.8   Mitsubishi Electric GENESIS64 < 10.97.1 - Code Injection
CVE-2022-30244  HIGH      8.0   Honeywell Alerton Ascent Control Module (ACM) - Code Injection
CVE-2022-30243  HIGH      8.8   Honeywell Alerton Visual Logic - Code Injection
CVE-2022-31156  MEDIUM    6.6   Gradle 6.2.0-7.4.2 - Dependency Verification Bypass via Missing Checksum or Signature
CVE-2022-29845  MEDIUM    6.5   Ipswitch WhatsUp Gold < 22.0.0 - Info Disclosure
CVE-2022-24824  MEDIUM    5.3   Discourse < 2.8.3 - Unauthenticated Cache Poisoning via Crawler View Injection