Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2023-11-30 | CVE-2023-5247 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mitsubishielectric products | Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. | local | low complexity | mitsubishielectric | CWE-610 | 7.8 |
| 2023-11-27 | CVE-2023-35985 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foxitsoftware Foxit Reader 12.1.3.15356 | An arbitrary file creation vulnerability exists in the JavaScript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. | network | low complexity | foxitsoftware | CWE-610 | 8.8 |
| 2023-11-27 | CVE-2023-39542 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foxitsoftware Foxit Reader 12.1.3.15356 | A code execution vulnerability exists in the JavaScript saveAs API of Foxit Reader 12.1.3.15356. | network | low complexity | foxitsoftware | CWE-610 | 8.8 |
| 2023-11-27 | CVE-2023-40194 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foxitsoftware Foxit Reader 12.1.3.15356 | An arbitrary file creation vulnerability exists in the JavaScript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. | network | low complexity | foxitsoftware | CWE-610 | 8.8 |
| 2023-11-15 | CVE-2023-34982 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aveva products | This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. | local | low complexity | aveva | CWE-610 | 7.1 |
| 2023-10-27 | CVE-2023-40139 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. | local | low complexity | google | CWE-610 | 5.5 |
| 2023-10-17 | CVE-2023-4089 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wago products | On affected Wago products, a remote attacker with administrative privileges can access files to which he already has access through an undocumented local file inclusion. | network | low complexity | wago | CWE-610 | 2.7 |
| 2023-10-04 | CVE-2023-44209 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis Agent C22.02 | Local privilege escalation due to improper soft link handling. | local | low complexity | acronis | CWE-610 | 7.8 |
| 2023-09-05 | CVE-2023-32615 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Openautomationsoftware OAS Platform 18.00.0072 | A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. | network | low complexity | openautomationsoftware | CWE-610 | 8.1 |
| 2023-09-01 | CVE-2023-4704 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Instantcms | External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | network | low complexity | instantcms | CWE-610 | 4.9 |