Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-22 | CVE-2021-0536 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0 In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. | 7.8 |
2021-06-22 | CVE-2021-0550 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0 In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. | 7.8 |
2021-06-22 | CVE-2021-0608 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. | 7.8 |
2021-05-22 | CVE-2021-1306 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cisco Identity Services Engine A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. | 3.4 |
2021-04-28 | CVE-2021-27648 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Synology Antivirus Essential Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors. | 8.8 |
2021-04-15 | CVE-2021-30245 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Openoffice The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. | 8.8 |
2021-04-14 | CVE-2021-27183 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Altn Mdaemon An issue was discovered in MDaemon before 20.0.4. | 7.2 |
2021-02-23 | CVE-2020-25161 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | 8.8 |
2021-02-05 | CVE-2021-26711 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Redwood Report2Web 4.3.4.5 A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter. | 5.3 |
2020-10-15 | CVE-2020-6105 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0 An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. | 7.8 |