CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
230 vulnerabilities with CWE-829
CVE-2021-20443 [HIGH] IBM Maximo for Civil Infrastructure <7.6.2 - Code Injection (CVSS 8.8)
CVE-2021-20187 [HIGH] Moodle < 3.5.16 - Code Injection (CVSS 7.2)
CVE-2021-26272 [MEDIUM] Ckeditor < 4.16 - Denial of Service (CVSS 6.5)
CVE-2021-26271 [MEDIUM] Ckeditor < 4.16 - Denial of Service (CVSS 6.5)
CVE-2020-36924 [MEDIUM] Sony BRAVIA Digital Signage 1.7.8 - RCE (CVSS 6.1)
CVE-2020-36905 [HIGH] FIBARO System Home Center 5.021 - RCE (CVSS 7.5)
CVE-2020-16152 [CRITICAL] Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE (CVSS 9.8)
CVE-2020-25414 [CRITICAL] Monstra 3.0.4 - Code Injection (CVSS 9.8)
CVE-2020-4561 [CRITICAL] IBM Cognos Analytics <11.1 - Info Disclosure (CVSS 10.0)
CVE-2020-24985 [HIGH] Quadbase EspressReports ES <7 - Command Injection (CVSS 8.1)
CVE-2020-22474 [MEDIUM] webERP 4.15 - Local File Inclusion (CVSS 6.5)
CVE-2020-29072 [MEDIUM] LiquidFiles <3.3.19 - XSS (CVSS 6.1)
CVE-2020-25788 [HIGH] Tiny Tiny RSS <2020-09-16 - Info Disclosure (CVSS 8.1)
CVE-2020-13175 [HIGH] Teradici Cloud Access Connector < v15 - Local File Inclusion (CVSS 7.5)
CVE-2020-13651 [HIGH] DigDash <2019R2 - Code Injection (CVSS 7.8)
CVE-2020-13977 [MEDIUM] Nagios 4.4.5 - Privilege Escalation (CVSS 4.9)
CVE-2020-5295 [MEDIUM] OctoberCMS <1.0.466 - Info Disclosure (CVSS 4.8)
CVE-2020-10865 [HIGH] Avast Antivirus <20 - Privilege Escalation (CVSS 7.5)
CVE-2020-3794 [CRITICAL] ColdFusion <2018 - Code Injection (CVSS 9.8)
CVE-2020-8128 [CRITICAL] jsreport <2.5.0 - SSRF (CVSS 9.8)
CVE-2019-16951 [MEDIUM] Enghouse Web Chat 6.2.284.34 - RFI (CVSS 5.3)
CVE-2019-8154 [HIGH] Magento < 2.2.10 - Remote Code Execution (CVSS 8.8)
CVE-2019-11742 [MEDIUM] Firefox <69, Thunderbird <68.1, Firefox ESR <60.9, Firefox ESR <68.... (CVSS 6.5)
CVE-2019-10666 [HIGH] LibreNMS <1.47 - RCE (CVSS 8.1)
CVE-2019-5479 [HIGH] larvitbase-api < v0.5.5 - Info Disclosure (CVSS 7.5)