Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2019-09-27 CVE-2019-9292 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0
In the Activity Manager service, there is a possible information disclosure due to a confused deputy.
local
low complexity
google CWE-610
2.1
2019-02-11 CVE-2018-9582 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 8.0/8.1/9.0
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario.
local
low complexity
google CWE-610
4.6
2019-01-15 CVE-2017-18357 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Shopware
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
network
low complexity
shopware CWE-610
4.0
2018-10-18 CVE-2018-12381 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox and Firefox ESR
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL.
network
low complexity
mozilla microsoft CWE-610
5.0
2017-11-15 CVE-2017-15269 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Psftp Psftpd 10.0.4
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default.
network
low complexity
psftp CWE-610
4.0
2017-04-12 CVE-2017-0211 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."
network
microsoft CWE-610
4.3