Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-27 | CVE-2019-9438 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0 In the Package Manager service, there is a possible information disclosure due to a confused deputy. | 2.1 |
| 2019-09-27 | CVE-2019-9292 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0 In the Activity Manager service, there is a possible information disclosure due to a confused deputy. | 2.1 |
| 2019-02-11 | CVE-2018-9582 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 8.0/8.1/9.0 In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. | 4.6 |
| 2019-01-15 | CVE-2017-18357 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Shopware Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object. | 4.0 |
| 2018-10-18 | CVE-2018-12381 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox and Firefox ESR Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. | 5.0 |
| 2017-11-15 | CVE-2017-15269 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Psftp Psftpd 10.0.4 The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. | 4.0 |
| 2017-04-12 | CVE-2017-0211 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability." | 4.3 |