CWE-642
13 CVEs classified under CWE-642. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-27872 | High | 8.8 | 2021-02-04 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication… |
| CVE-2023-0575 | High | 7.2 | 2023-02-09 | External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linu… |
| CVE-2025-49090 | High | 7.1 | 2025-10-02 | The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution. |
| CVE-2024-22387 | Medium | 6.8 | 2024-07-11 | External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify de… |
| CVE-2022-22154 | Medium | 6.8 | 2022-01-19 | In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Juno… |
| CVE-2020-26186 | Medium | 6.8 | 2021-01-08 | Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may… |
| CVE-2024-8754 | Medium | 6.4 | 2024-09-12 | An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper in… |
| CVE-2020-1976 | Medium | 4.7 | 2020-02-12 | A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS ker… |
| CVE-2025-54566 | Medium | 4.2 | 2025-07-25 | hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327. |
| CVE-2024-58265 | Low | 3.1 | 2025-07-27 | The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery. |
| CVE-2019-9496 | | | 2019-04-17 | An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm messag… |
| CVE-2018-15382 | | | 2018-10-05 | A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due… |
| CVE-2017-0928 | | | 2018-06-04 | html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitizati… |