CWE-669
Incorrect Resource Transfer Between Spheres
Description
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
Hierarchy (View 1000)
CVEs mapped to this weakness (54)
page 1 of 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5062 | — | Critical | 0.64 | 9.8 | 0.04 | | Sep 29, 2016 | The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. |
| CVE-2026-31431 | — | High | 0.59 | 7.8 | 0.97 | KEV | Apr 22, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the… |
| CVE-2025-41645 | — | High | 0.56 | 8.6 | 0.00 | | May 13, 2025 | An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake. |
| CVE-2025-34158 | — | High | 0.55 | 8.5 | 0.01 | | Aug 21, 2025 | Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner (and a /api/resources call reveals other servers accessible by that server owner). |
| CVE-2025-62775 | — | High | 0.52 | 8.0 | 0.00 | | Oct 22, 2025 | Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password. |
| CVE-2026-42997 | — | High | 0.50 | 7.7 | 0.00 | | May 5, 2026 | An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic… |
| CVE-2025-59363 | — | High | 0.50 | 7.7 | 0.00 | | Sep 14, 2025 | In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created), |
| CVE-2026-12068 | — | High | 0.48 | 7.4 | 0.00 | | Jun 12, 2026 | Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira… |
| CVE-2026-48831 | — | High | 0.47 | — | 0.00 | | May 24, 2026 | Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping… |
| CVE-2026-24708 | — | High | 0.46 | 8.2 | 0.00 | | Feb 18, 2026 | An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format… |
| CVE-2024-38519 | — | High | 0.44 | 7.8 | 0.00 | | Jul 2, 2024 | `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on… |
| CVE-2025-59378 | — | Medium | 0.37 | 5.7 | 0.00 | | Sep 15, 2025 | In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended). |
| CVE-2017-14013 | — | Medium | 0.36 | 5.6 | 0.01 | | Oct 17, 2017 | A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms,… |
| CVE-2026-46448 | — | Medium | 0.35 | 5.4 | 0.00 | | Jun 16, 2026 | In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation. |
| CVE-2026-48846 | — | Medium | 0.35 | 6.5 | 0.00 | | May 25, 2026 | In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass. |
| CVE-2026-48845 | — | Medium | 0.35 | 6.5 | 0.00 | | May 25, 2026 | In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message. |
| CVE-2026-41525 | — | Medium | 0.35 | 6.5 | 0.00 | | Apr 28, 2026 | KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file,… |
| CVE-2026-40225 | — | Medium | 0.35 | 6.4 | 0.00 | | Apr 10, 2026 | In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. |
| CVE-2026-41030 | — | Medium | 0.33 | 6.2 | 0.00 | | Apr 16, 2026 | In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges. |
| CVE-2026-46447 | — | Medium | 0.31 | 5.8 | 0.00 | | Jun 3, 2026 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. |