Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-29 | CVE-2024-28826 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Checkmk Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server. | 8.1 |
| 2024-04-01 | CVE-2023-6154 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Bitdefender products A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. | 7.8 |
| 2024-02-21 | CVE-2024-25117 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Dompdf PHP-Svg-Lib php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. | 9.8 |
| 2024-02-08 | CVE-2024-1329 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Hashicorp Nomad 1.5.13/1.6.6/1.7.3. HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. | 7.5 |
| 2024-01-22 | CVE-2020-36772 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cloudlinux Cagefs CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. | 4.4 |
| 2024-01-19 | CVE-2024-0728 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foru CMS Project Foru CMS 20200623 A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. | 9.8 |
| 2024-01-10 | CVE-2023-49862 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
| 2024-01-10 | CVE-2023-49863 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
| 2024-01-10 | CVE-2023-49864 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo Devmastercommit15Fed957Fb An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
| 2023-12-14 | CVE-2023-6569 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in H2O 3.40.0.4 External Control of File Name or Path in h2oai/h2o-3 | 8.2 |