CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

257 vulnerabilities with CWE-829
CVE-2022-1161 CRITICAL
ControlLogix, CompactLogix, GuardLogix - Code Injection
CVSS 10.0
CVE-2022-25486 HIGH
CuppaCMS v1.0 - Local File Inclusion
CVSS 7.8
CVE-2022-25485 HIGH
CuppaCMS v1.0 - Local File Inclusion
CVSS 7.8
CVE-2022-24329 MEDIUM
JetBrains Kotlin <1.6.0 - Info Disclosure
CVSS 5.3
CVE-2022-24232 HIGH
Hospital Patient Record Management System v1.0 - RCE
CVSS 7.8
CVE-2022-22308 HIGH
IBM Planning Analytics 2.0 - Remote File Inclusion via File Include Commands
CVSS 7.8
CVE-2022-23630 HIGH
Gradle 6.2.0-7.3.3 - Dependency Verification Bypass via Configuration Resolution Order
CVSS 7.5
CVE-2021-41037 CRITICAL
Eclipse Equinox p2 - Untrusted Installable Unit Execution via Touchpoint Configuration
CVSS 10.0
CVE-2021-4229 MEDIUM
ua-parser-js 0.7.29, 0.8.0, 1.0.0 - Backdoor via Crypto Mining Component
CVSS 5.0
CVE-2021-41841 HIGH
InsydeH2O 5.0-5.5 - Arbitrary Code Execution via SMM Callout in AhciBusDxe
CVSS 8.2
CVE-2021-42133 HIGH
Ivanti Avalanche <6.3.3 - Privilege Escalation
CVSS 8.1
CVE-2021-29113 MEDIUM
ArcGIS Server < 10.9.0 - Unauthenticated Remote File Inclusion in Help Documentation
CVSS 4.7
CVE-2021-41256 MEDIUM
nextcloud news-android < 0.9.9.63 - Unauthenticated Intent Reflection to Content Provider Access
CVSS 5.8
CVE-2021-20843 MEDIUM
RTX830 <15.02.17-RTX1210 <14.01.38 - XSS
CVSS 5.4
CVE-2021-41569 HIGH
SAS/Intrnet <9.4 build 1520 - Local File Inclusion
CVSS 7.5
CVE-2021-33626 HIGH
InsydeH2O 5.3-5.34.44 - Arbitrary Code Execution via SWSMI Handler Buffer Validation
CVSS 7.8
CVE-2021-38360 HIGH
wp-publications <= 0.0 - Local File Inclusion via Q_FILE Parameter
CVSS 8.3
CVE-2021-32802 CRITICAL
Nextcloud Server - Unsafe Image Preview Rendering Enables SSRF or Code Execution
CVSS 9.3
CVE-2021-34398 HIGH
NVIDIA Data Center GPU Manager < 2.2.9 - Privilege Escalation via DIAG Module Shared Library Injection
CVSS 7.8
CVE-2021-21804 CRITICAL
Advantech R-SeeNet <2.4.12 - Code Injection
CVSS 9.8
CVE-2021-34692 HIGH
iDrive RemotePC < 7.6.48 - Privilege Escalation via Executable Execution
CVSS 7.8
CVE-2021-30121 MEDIUM
Semi-authenticated local file inclusion - Path Traversal
CVSS 6.5
CVE-2021-29777 MEDIUM
IBM Db2 9.7, 10.1, 10.5, 11.1, 11.5 - Authenticated Denial of Service via Table Drop During Concurrent Access
CVSS 6.5
CVE-2021-3603 HIGH
PHPMailer < 6.4.1 - Untrusted Code Execution via validateAddress Function
CVSS 8.1
CVE-2021-30507 HIGH
Google Chrome <90.0.4430.212 - Info Disclosure
CVSS 8.8