Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2020-06-11 CVE-2020-0210 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0
In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy.
local
low complexity
google CWE-610
7.8
2020-06-03 CVE-2020-5297 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Octobercms October
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server.
network
low complexity
octobercms CWE-610
2.7
2020-06-03 CVE-2020-5296 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Octobercms October
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server.
network
low complexity
octobercms CWE-610
4.9
2020-05-13 CVE-2020-2009 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os
An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama.
network
low complexity
paloaltonetworks CWE-610
7.2
2020-03-23 CVE-2020-9752 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Naver Cloud Explorer
Naver Cloud Explorer before 2.2.2.11 allows an attacker to move a local file in any path on the filesystem with system privilege through its named pipe.
network
low complexity
naver CWE-610
critical
9.8
2019-12-18 CVE-2019-7290 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apple Shortcuts
An access issue was addressed with additional sandbox restrictions.
network
low complexity
apple CWE-610
critical
10.0
2019-12-17 CVE-2019-3996 Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.
network
low complexity
elog-project fedoraproject CWE-610
6.5
2019-11-14 CVE-2019-15744 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Sony Xperia XZS Firmware
The Sony Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
sony CWE-610
3.3
2019-11-14 CVE-2019-15743 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Sony Xperia Touch Firmware
The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack.
local
low complexity
sony CWE-610
5.5
2019-11-14 CVE-2019-15475 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A3 Firmware
The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack.
local
low complexity
mi CWE-610
5.5