Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-5823 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Gaizhenbiao Chuanhuchatgpt
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410.
network
low complexity
gaizhenbiao CWE-610
critical
9.1
2024-09-12 CVE-2024-45826 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Rockwellautomation Thinmanager 13.1.0/13.2.0
Due to improper input validation, a path traversal and remote code execution vulnerability exists when ThinManager® processes a crafted POST request.
network
low complexity
rockwellautomation CWE-610
8.8
2024-08-27 CVE-2024-8207 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mongodb
In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process.
local
low complexity
mongodb CWE-610
6.7
2024-08-18 CVE-2024-7911 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Oretnom23 Simple Online Bidding System 1.0
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0.
network
low complexity
oretnom23 CWE-610
critical
9.8
2024-08-06 CVE-2024-28962 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Dell Alienware Update, Command Update and Update
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability.
network
low complexity
dell CWE-610
7.5
2024-07-09 CVE-2024-31319 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy.
local
low complexity
google CWE-610
7.8
2024-07-09 CVE-2024-38049 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
network
high complexity
microsoft CWE-610
8.1
2024-05-29 CVE-2024-28826 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Checkmk
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
network
low complexity
checkmk CWE-610
8.1
2024-02-08 CVE-2024-1329 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Hashicorp Nomad 1.5.13/1.6.6/1.7.3
The template renderer in HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3, is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks.
network
low complexity
hashicorp CWE-610
7.5
2024-01-22 CVE-2020-36772 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cloudlinux Cagefs
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command.
local
low complexity
cloudlinux CWE-610
4.4