Common Weakness Enumeration

CWE-669

Allowed-with-Review

Incorrect Resource Transfer Between Spheres

Abstraction: Class · Status: Draft

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

144 vulnerabilities reference this CWE, most recent first.

GHSA-7H4F-H4V7-62J6

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37
VLAI
Details

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-602",
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-17T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user\u0027s session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.",
  "id": "GHSA-7h4f-h4v7-62j6",
  "modified": "2022-05-13T01:37:39Z",
  "published": "2022-05-13T01:37:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14013"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101259"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7R4W-V667-C6CR

Vulnerability from github – Published: 2024-07-30 09:32 – Updated: 2024-08-02 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings

Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle:

WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T08:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Use kfree_sensitive() to fix Coccinelle warnings\n\nReplace memzero_explicit() and kfree() with kfree_sensitive() to fix\nwarnings reported by Coccinelle:\n\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)",
  "id": "GHSA-7r4w-v667-c6cr",
  "modified": "2024-08-02T15:31:17Z",
  "published": "2024-07-30T09:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42158"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22e6824622e8a8889df0f8fc4ed5aea0e702a694"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/62151a0acde90823bdfa991d598c85cf4b1d387d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7WP3-3RR7-485G

Vulnerability from github – Published: 2025-08-21 15:30 – Updated: 2026-01-02 18:30
VLAI
Details

Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may have posed a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-21T14:15:39Z",
    "severity": "CRITICAL"
  },
  "details": "Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex\u2019s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may have posed a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately.",
  "id": "GHSA-7wp3-3rr7-485g",
  "modified": "2026-01-02T18:30:19Z",
  "published": "2025-08-21T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34158"
    },
    {
      "type": "WEB",
      "url": "https://forums.plex.tv/t/plex-media-server-security-update/928341"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lufinkey/vulnerability-research/blob/main/CVE-2025-34158/README.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lufinkey/vulnerability-research/tree/main/CVE-2025-34158"
    },
    {
      "type": "WEB",
      "url": "https://www.bleepingcomputer.com/news/security/plex-warns-users-to-patch-security-vulnerability-immediately"
    },
    {
      "type": "WEB",
      "url": "https://www.plex.tv/media-server-downloads"
    },
    {
      "type": "WEB",
      "url": "https://www.runzero.com/blog/plex"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/plugins/nessus/250294"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/plex-media-server-unspecified"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7XCV-HWP5-79FX

Vulnerability from github – Published: 2022-12-13 12:30 – Updated: 2024-04-04 03:13
VLAI
Details

PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669",
      "CWE-98"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-13T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.",
  "id": "GHSA-7xcv-hwp5-79fx",
  "modified": "2024-04-04T03:13:27Z",
  "published": "2022-12-13T12:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4446"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tsolucio/corebos/commit/8035e725ecb397348bd50545e90975b699e4f9f2"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/718f1be6-3834-4ef2-8134-907a52009894"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-83WH-H8H8-HXQ9

Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2024-04-03 23:49
VLAI
Details

FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-2979"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-01T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server.",
  "id": "GHSA-83wh-h8h8-hxq9",
  "modified": "2024-04-03T23:49:26Z",
  "published": "2022-04-23T00:40:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2979"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2012-2979"
    },
    {
      "type": "WEB",
      "url": "https://vuxml.freebsd.org/freebsd/17f369dc-d7e7-11e1-90a2-000c299b62e1.html"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/plugins/nessus/60150"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-862P-MJJ9-4WCQ

Vulnerability from github – Published: 2022-01-15 00:01 – Updated: 2022-01-15 00:01
VLAI
Details

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-14T05:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.",
  "id": "GHSA-862p-mjj9-4wcq",
  "modified": "2022-01-15T00:01:53Z",
  "published": "2022-01-15T00:01:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20658"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8X4Q-773G-Q756

Vulnerability from github – Published: 2025-10-10 09:30 – Updated: 2025-10-10 09:30
VLAI
Details

In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-10T07:15:43Z",
    "severity": "MODERATE"
  },
  "details": "In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.",
  "id": "GHSA-8x4q-773g-q756",
  "modified": "2025-10-10T09:30:49Z",
  "published": "2025-10-10T09:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62292"
    },
    {
      "type": "WEB",
      "url": "https://sonarsource.atlassian.net/browse/SONAR-24830"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-994H-6RHW-F376

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-24T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox \u003c 89.",
  "id": "GHSA-994h-6rhw-f376",
  "modified": "2022-05-24T19:06:08Z",
  "published": "2022-05-24T19:06:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29960"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1675965"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-09"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-9J3M-G383-29QR

Vulnerability from github – Published: 2022-08-14 00:25 – Updated: 2022-08-14 00:25
VLAI
Summary
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
Details

Impact

Contracts using the cross chain utilies for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This is assessed as low severity because any action taken by an EOA on the contract could also be taken by the EOA through the bridge if the issue was not present.

Patches

This issue has been patched in v4.7.2.

References

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3578

For more information

If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at security@openzeppelin.com.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@openzeppelin/contracts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.6.0"
            },
            {
              "fixed": "4.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@openzeppelin/contracts-upgradeable"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.6.0"
            },
            {
              "fixed": "4.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35916"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-14T00:25:11Z",
    "nvd_published_at": "2022-08-01T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nContracts using the cross chain utilies for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This is assessed as low severity because any action taken by an EOA on the contract could also be taken by the EOA through the bridge if the issue was not present.\n\n### Patches\n\nThis issue has been patched in v4.7.2.\n\n### References\n\nhttps://github.com/OpenZeppelin/openzeppelin-contracts/pull/3578\n\n### For more information\n\nIf you have any questions or comments about this advisory, or need assistance deploying a fix, email us at [security@openzeppelin.com](mailto:security@openzeppelin.com).",
  "id": "GHSA-9j3m-g383-29qr",
  "modified": "2022-08-14T00:25:11Z",
  "published": "2022-08-14T00:25:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9j3m-g383-29qr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35916"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3578"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenZeppelin Contracts\u0027s Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls"
}

GHSA-9VWP-H229-H4CM

Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30
VLAI
Details

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-48847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-25T20:16:37Z",
    "severity": "LOW"
  },
  "details": "Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.",
  "id": "GHSA-9vwp-h229-h4cm",
  "modified": "2026-05-26T13:30:49Z",
  "published": "2026-05-26T13:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48847"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/703318e6a59515b73b0d8aa2a91e346b02f56baa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/a4eb375b98cc3d055de665c34efc729dd8ef272a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"
    },
    {
      "type": "WEB",
      "url": "https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.