Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-1329 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Hashicorp Nomad 1.5.13/1.6.6/1.7.3.
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks.
network
low complexity
hashicorp CWE-610
7.5
2024-02-02 CVE-2024-24760 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mailcow Mailcow: Dockerized
mailcow is a dockerized email package, with multiple containers linked in one bridged network.
low complexity
mailcow CWE-610
7.3
2024-01-22 CVE-2020-36772 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cloudlinux Cagefs
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command.
local
low complexity
cloudlinux CWE-610
4.4
2024-01-19 CVE-2024-0728 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foru CMS Project Foru CMS
A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23.
network
low complexity
foru-cms-project CWE-610
critical
9.8
2024-01-10 CVE-2023-49862 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb.
network
low complexity
wwbn CWE-610
6.5
2024-01-10 CVE-2023-49863 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb.
network
low complexity
wwbn CWE-610
6.5
2024-01-10 CVE-2023-49864 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo Devmastercommit15Fed957Fb
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb.
network
low complexity
wwbn CWE-610
6.5
2023-12-14 CVE-2023-6569 Externally Controlled Reference to a Resource in Another Sphere vulnerability in H2O 3.40.0.4
External Control of File Name or Path in h2oai/h2o-3
network
low complexity
h2o CWE-610
8.2
2023-12-08 CVE-2023-6618 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Oretnom23 Simple Student Attendance System 1.0
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0.
network
low complexity
oretnom23 CWE-610
8.8
2023-11-30 CVE-2023-5247 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mitsubishielectric products
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.
local
low complexity
mitsubishielectric CWE-610
7.8