Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-04-15 | CVE-2021-30245 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache OpenOffice | The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. | 8.8 |
2021-04-14 | CVE-2021-27183 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Altn MDaemon | An issue was discovered in MDaemon before 20.0.4. | 7.2 |
2021-02-23 | CVE-2020-25161 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada | The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | 8.8 |
2021-02-05 | CVE-2021-26711 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Redwood Report2Web 4.3.4.5 | A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter. | 5.3 |
2020-10-15 | CVE-2020-6105 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0 | An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. | 7.8 |
2020-09-17 | CVE-2020-0345 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0 | In DocumentsUI, there is a possible permission bypass due to a confused deputy. | 7.8 |
2020-09-17 | CVE-2020-0267 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0 | In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. | 7.8 |
2020-08-07 | CVE-2020-5412 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in VMware Spring Cloud Netflix | Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. | 6.5 |
2020-07-29 | CVE-2020-8553 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes Ingress-Nginx | The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name. | 5.9 |
2020-07-01 | CVE-2020-14057 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Monstaftp Monsta FTP | Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. | 9.8 |