Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-08 | CVE-2024-1329 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Hashicorp Nomad 1.5.13/1.6.6/1.7.3. HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. | 7.5 |
2024-02-02 | CVE-2024-24760 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mailcow Mailcow: Dockerized mailcow is a dockerized email package, with multiple containers linked in one bridged network. | 7.3 |
2024-01-22 | CVE-2020-36772 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cloudlinux Cagefs CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. | 4.4 |
2024-01-19 | CVE-2024-0728 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foru CMS Project Foru CMS 20200623 A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. | 9.8 |
2024-01-10 | CVE-2023-49862 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
2024-01-10 | CVE-2023-49863 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
2024-01-10 | CVE-2023-49864 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo Devmastercommit15Fed957Fb An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
2023-12-14 | CVE-2023-6569 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in H2O 3.40.0.4 External Control of File Name or Path in h2oai/h2o-3 | 8.2 |
2023-12-08 | CVE-2023-6618 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. | 8.8 |
2023-11-30 | CVE-2023-5247 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mitsubishielectric products Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. | 7.8 |