Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2021-06-22 CVE-2021-0536 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0
In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy.
local
low complexity
google CWE-610
7.8
2021-06-22 CVE-2021-0550 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0
In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy.
local
low complexity
google CWE-610
7.8
2021-06-22 CVE-2021-0608 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy.
local
low complexity
google CWE-610
7.8
2021-05-22 CVE-2021-1306 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cisco Identity Services Engine
A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system.
local
low complexity
cisco CWE-610
3.4
2021-04-28 CVE-2021-27648 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Synology Antivirus Essential
Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.
network
low complexity
synology CWE-610
8.8
2021-04-15 CVE-2021-30245 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Openoffice
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks.
network
low complexity
apache CWE-610
8.8
2021-04-14 CVE-2021-27183 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Altn Mdaemon
An issue was discovered in MDaemon before 20.0.4.
network
low complexity
altn CWE-610
7.2
2021-02-23 CVE-2020-25161 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
network
low complexity
advantech CWE-610
8.8
2021-02-05 CVE-2021-26711 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Redwood Report2Web 4.3.4.5
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.
network
low complexity
redwood CWE-610
5.3
2020-10-15 CVE-2020-6105 Externally Controlled Reference to a Resource in Another Sphere vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13.
local
low complexity
f2fs-tools-project CWE-610
7.8