Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-17 | CVE-2020-0345 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0: In DocumentsUI, there is a possible permission bypass due to a confused deputy. | 7.8 |
2020-09-17 | CVE-2020-0267 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0: In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. | 7.8 |
2020-08-07 | CVE-2020-5412 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in VMWare Spring Cloud Netflix: Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. | 6.5 |
2020-07-29 | CVE-2020-8553 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes Ingress-Nginx: The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses `nginx.ingress.kubernetes.io/auth-type: basic` and which has a hyphenated namespace or secret name. | 5.9 |
2020-07-01 | CVE-2020-14057 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Monstaftp Monsta FTP: Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. | 9.8 |
2020-06-11 | CVE-2020-0210 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0: In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass due to a confused deputy. | 7.8 |
2020-06-03 | CVE-2020-5297 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Octobercms October: In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. | 2.7 |
2020-06-03 | CVE-2020-5296 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Octobercms October: In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. | 4.9 |
2020-05-13 | CVE-2020-2009 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os: An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. | 7.2 |
2020-03-23 | CVE-2020-9752 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Naver Cloud Explorer: Naver Cloud Explorer before 2.2.2.11 allows an attacker to move a local file in any path on the filesystem with system privileges through its named pipe. | 9.8 |