VYPR

CWE-669

Incorrect Resource Transfer Between Spheres

Class | Draft

Description

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

CVEs mapped to this weakness (54)

page 3 of 3
  • CVE-2002-0055 | Mar 8, 2002
    risk 0.03 | cvss | epss 0.38

    SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.

  • CVE-2025-67895 | Dec 17, 2025
    risk 0.00 | cvss | epss 0.01

    Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you…

  • CVE-2025-46553 | May 5, 2025
    risk 0.00 | cvss | epss 0.00

    @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey…

  • CVE-2024-37891 | Jun 17, 2024
    risk 0.00 | cvss | epss 0.01

    urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support,…

  • CVE-2024-29018 | Mar 20, 2024
    risk 0.00 | cvss | epss 0.01

    Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be…

  • CVE-2022-46173 | Dec 28, 2022
    risk 0.00 | cvss | epss 0.01

    Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad…

  • CVE-2022-39225 | Sep 23, 2022
    risk 0.00 | cvss | epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an…

  • CVE-2022-35916 | Aug 1, 2022
    risk 0.00 | cvss | epss 0.00

    OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls,…

  • CVE-2021-25973 | Nov 2, 2021
    risk 0.00 | cvss | epss 0.01

    In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.

  • CVE-2020-15257 | Dec 1, 2020
    risk 0.00 | cvss | epss 0.03

    containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified…

  • CVE-2019-10753 | Sep 5, 2019
    risk 0.00 | cvss | epss 0.01

    In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure…

  • CVE-2019-12728 | Jun 4, 2019
    risk 0.00 | cvss | epss 0.01

    Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.

  • CVE-2019-10248 | Apr 22, 2019
    risk 0.00 | cvss | epss 0.00

    Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

  • CVE-2004-0872 | Sep 16, 2004
    risk 0.00 | cvss | epss 0.03

    Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie…