Common Weakness Enumeration

CWE-669

Allowed-with-Review

Incorrect Resource Transfer Between Spheres

Abstraction: Class · Status: Draft

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

144 vulnerabilities reference this CWE, most recent first.

GHSA-C4J8-5XV4-XCXH

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-09-15 00:00
VLAI
Details

In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-02T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.",
  "id": "GHSA-c4j8-5xv4-xcxh",
  "modified": "2022-09-15T00:00:21Z",
  "published": "2022-05-24T19:09:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34574"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CFX3-M5FR-8C98

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39
VLAI
Details

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27268"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-19T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.",
  "id": "GHSA-cfx3-m5fr-8c98",
  "modified": "2022-05-24T17:39:27Z",
  "published": "2022-05-24T17:39:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27268"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-F3JF-WGCF-HQJR

Vulnerability from github – Published: 2025-09-19 00:30 – Updated: 2025-09-19 00:30
VLAI
Details

PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software (e.g., UFW, container engines, or system security policies). Upon VPN disconnect, the original firewall state is not restored. As a result, the system may become unintentionally exposed to network traffic that was previously blocked. This affects CLI 2.0.1 and GUI 2.10.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T23:15:34Z",
    "severity": "LOW"
  },
  "details": "PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system\u0027s existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software (e.g., UFW, container engines, or system security policies). Upon VPN disconnect, the original firewall state is not restored. As a result, the system may become unintentionally exposed to network traffic that was previously blocked. This affects CLI 2.0.1 and GUI 2.10.0.",
  "id": "GHSA-f3jf-wgcf-hqjr",
  "modified": "2025-09-19T00:30:58Z",
  "published": "2025-09-19T00:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59692"
    },
    {
      "type": "WEB",
      "url": "https://anagogistis.com/posts/purevpn-ipv6-leak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FG2Q-V428-2GPH

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2022-11-22 19:37
VLAI
Summary
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
Details

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.vorto:org.eclipse.vorto.core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10248"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494",
      "CWE-669",
      "CWE-829"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-22T19:37:26Z",
    "nvd_published_at": "2019-04-22T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.",
  "id": "GHSA-fg2q-v428-2gph",
  "modified": "2022-11-22T19:37:26Z",
  "published": "2022-05-24T16:44:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10248"
    },
    {
      "type": "WEB",
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546622"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eclipse/vorto"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS"
}

GHSA-G4H2-2GP2-J3WQ

Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30
VLAI
Details

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-48845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-25T20:16:37Z",
    "severity": "MODERATE"
  },
  "details": "In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message.",
  "id": "GHSA-g4h2-2gp2-j3wq",
  "modified": "2026-05-26T13:30:49Z",
  "published": "2026-05-26T13:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48845"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/7b52353653a67e6073b97d70eb94047132b78556"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/d82b8c6cd06c378eca6d647ccd548f4ff1c68659"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"
    },
    {
      "type": "WEB",
      "url": "https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4HC-RPR7-VVCR

Vulnerability from github – Published: 2022-01-22 00:00 – Updated: 2022-09-01 00:00
VLAI
Details

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36338"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-565",
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-21T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.",
  "id": "GHSA-g4hc-rpr7-vvcr",
  "modified": "2022-09-01T00:00:17Z",
  "published": "2022-01-22T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36338"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/000194640"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G6WH-H8P9-V37J

Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2022-04-30 18:18
VLAI
Details

SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2002-0055"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-03-08T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.",
  "id": "GHSA-g6wh-h8p9-v37j",
  "modified": "2022-04-30T18:18:27Z",
  "published": "2022-04-30T18:18:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0055"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-012"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A30"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=101558498401274\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/8307.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/4204"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GFW5-R5R2-FV73

Vulnerability from github – Published: 2025-08-03 18:32 – Updated: 2025-11-25 09:31
VLAI
Details

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54956"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-03T18:15:25Z",
    "severity": "LOW"
  },
  "details": "The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.",
  "id": "GHSA-gfw5-r5r2-fv73",
  "modified": "2025-11-25T09:31:22Z",
  "published": "2025-08-03T18:32:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54956"
    },
    {
      "type": "WEB",
      "url": "https://github.com/r-lib/gh/issues/222"
    },
    {
      "type": "WEB",
      "url": "https://github.com/r-lib/gh/commit/b575d488c71318449cc6c8c989c617db29275848"
    },
    {
      "type": "WEB",
      "url": "https://github.com/r-lib/gh/compare/v1.4.1...v1.5.0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GRJH-583F-V73H

Vulnerability from github – Published: 2026-04-10 18:31 – Updated: 2026-05-05 03:31
VLAI
Details

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40228"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-10T16:16:33Z",
    "severity": "LOW"
  },
  "details": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
  "id": "GHSA-grjh-583f-v73h",
  "modified": "2026-05-05T03:31:39Z",
  "published": "2026-04-10T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40228"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/04/08/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/05/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GVXV-5FP2-358Q

Vulnerability from github – Published: 2019-09-11 23:08 – Updated: 2022-11-17 18:24
VLAI
Summary
Incorrect Resource Transfer Between Spheres in eclipse-wtp
Details

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure connection, a malicious user could have perform a Man-in-the-Middle attack during the build and alter the build artifacts that were produced. In case that any of these artifacts were compromised, any developers using these could be altered. Note: In order to validate that this artifact was not compromised, the maintainer would need to confirm that none of the artifacts published to the registry were not altered with. Until this happens, we can not guarantee that this artifact was not compromised even though the probability that this happened is low.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.diffplug.spotless:spotless-eclipse-wtp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.9.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.diffplug.spotless:spotless-eclipse-cdt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.diffplug.spotless:spotless-eclipse-groovy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10753"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-09-11T22:56:33Z",
    "nvd_published_at": "2019-09-05T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure connection, a malicious user could have perform a Man-in-the-Middle attack during the build and alter the build artifacts that were produced. In case that any of these artifacts were compromised, any developers using these could be altered. **Note:** In order to validate that this artifact was not compromised, the maintainer would need to confirm that none of the artifacts published to the registry were not altered with. Until this happens, we can not guarantee that this artifact was not compromised even though the probability that this happened is low.",
  "id": "GHSA-gvxv-5fp2-358q",
  "modified": "2022-11-17T18:24:26Z",
  "published": "2019-09-11T23:08:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10753"
    },
    {
      "type": "WEB",
      "url": "https://github.com/diffplug/spotless/issues/360"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/diffplug/spotless"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Incorrect Resource Transfer Between Spheres in eclipse-wtp"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.