Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2021-02-05 CVE-2021-26711 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Redwood Report2Web 4.3.4.5
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.
network
low complexity
redwood CWE-610
5.0
2020-10-15 CVE-2020-6105 Externally Controlled Reference to a Resource in Another Sphere vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13.
6.8
2020-09-17 CVE-2020-0345 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0
In DocumentsUI, there is a possible permission bypass due to a confused deputy.
local
google CWE-610
4.4
2020-09-17 CVE-2020-0337 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy.
local
low complexity
google CWE-610
2.1
2020-09-17 CVE-2020-0267 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0
In WindowManager, there is a possible launch of an unexpected app due to a confused deputy.
network
google CWE-610
critical
9.3
2020-09-01 CVE-2018-12475 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Opensuse Open Build Service
An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP requests against internal networks and potentially download data that is exposed there.
network
low complexity
opensuse CWE-610
5.4
2020-08-07 CVE-2020-5412 Externally Controlled Reference to a Resource in Another Sphere vulnerability in VMWare Spring Cloud Netflix 2.1.0/2.2.0
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard.
network
low complexity
vmware CWE-610
4.0
2020-07-29 CVE-2020-8553 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes Ingress-Nginx
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
4.9
2020-07-01 CVE-2020-14057 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Monstaftp Monsta FTP
Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations.
network
low complexity
monstaftp CWE-610
7.5
2020-06-11 CVE-2020-0210 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0
In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass due to a confused deputy.
local
low complexity
google CWE-610
4.6