CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

257 vulnerabilities with CWE-829
CVE-2021-29427 HIGH
Gradle 5.1-7.0 - Dependency Poisoning and Information Disclosure via Repository Content Filter Bypass
CVSS 8.0
CVE-2021-28162 MEDIUM
Eclipse Theia <= 0.16.0 - Stored Cross-Site Scripting in Notification Messages
CVSS 6.1
CVE-2021-20443 HIGH
IBM Maximo for Civil Infrastructure <7.6.2 - Code Injection
CVSS 8.8
CVE-2021-20187 HIGH
Moodle < 3.5.16, 3.8.7, 3.9.4, 3.10.1 - Authenticated Remote Code Execution via Shibboleth PHP Include
CVSS 7.2
CVE-2021-26272 MEDIUM
CKEditor 4.0-4.15 - Regular Expression Denial of Service via Autolink Plugin
CVSS 6.5
CVE-2021-26271 MEDIUM
CKEditor 4 < 4.16 - Regular Expression Denial of Service via Styles Input Dialog
CVSS 6.5
CVE-2020-36924 MEDIUM
Sony BRAVIA Digital Signage 1.7.8 - RCE
CVSS 6.1
CVE-2020-36905 HIGH
FIBARO System Home Center 5.021 - RCE
CVSS 7.5
CVE-2020-16152 CRITICAL
Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE
CVSS 9.8
CVE-2020-25414 CRITICAL
Monstra 3.0.4 - Local File Inclusion via Captcha Function
CVSS 9.8
CVE-2020-4561 CRITICAL
IBM Cognos Analytics <11.1 - Info Disclosure
CVSS 10.0
CVE-2020-24985 HIGH
Quadbase EspressReports ES <7 - Command Injection
CVSS 8.1
CVE-2020-22474 MEDIUM
webERP 4.15 - Local File Inclusion via Language Parameter
CVSS 6.5
CVE-2020-29072 MEDIUM
LiquidFiles < 3.3.19 - Cross-Site Script Inclusion via messages/sent and popup Endpoints
CVSS 6.1
CVE-2020-25788 HIGH
Tiny Tiny RSS <2020-09-16 - Info Disclosure
CVSS 8.1
CVE-2020-13175 HIGH
Teradici Cloud Access Connector < v15 - Local File Inclusion
CVSS 7.5
CVE-2020-13651 HIGH
DigDash 2018R2-2019R2 - Remote Code Execution via JNLP File Manipulation
CVSS 7.8
CVE-2020-13977 MEDIUM
Nagios 4.4.5 - Privilege Escalation
CVSS 4.9
CVE-2020-5295 MEDIUM
OctoberCMS <1.0.466 - Info Disclosure
CVSS 4.8
CVE-2020-10865 HIGH
Avast Antivirus <20 - Privilege Escalation
CVSS 7.5
CVE-2020-3794 CRITICAL
ColdFusion 2016 and 2018 - Arbitrary Code Execution via File Inclusion
CVSS 9.8
CVE-2020-8128 CRITICAL
jsreport < 2.5.0 - Server-Side Request Forgery and Arbitrary Code Execution
CVSS 9.8
CVE-2019-16951 MEDIUM
Enghouse Web Chat 6.2.284.34 - Remote File Inclusion via Localhost Attribute Manipulation
CVSS 5.3
CVE-2019-8154 HIGH
Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Remote Code Execution via Product Design Update XML File
CVSS 8.8
CVE-2019-11742 MEDIUM
Firefox <69, Thunderbird <68.1, Firefox ESR <60.9, Firefox ESR <68....
CVSS 6.5