Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-35985 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foxitsoftware Foxit Reader 12.1.3.15356
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension.
network
low complexity
foxitsoftware CWE-610
8.8
2023-11-27 CVE-2023-39542 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foxitsoftware Foxit Reader 12.1.3.15356
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356.
network
low complexity
foxitsoftware CWE-610
8.8
2023-11-27 CVE-2023-40194 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foxitsoftware Foxit Reader 12.1.3.15356
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters.
network
low complexity
foxitsoftware CWE-610
8.8
2023-11-15 CVE-2023-34982 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aveva products
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
local
low complexity
aveva CWE-610
7.1
2023-10-27 CVE-2023-40139 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy.
local
low complexity
google CWE-610
5.5
2023-10-17 CVE-2023-4089 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wago products
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion.
network
low complexity
wago CWE-610
2.7
2023-10-04 CVE-2023-44209 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis Agent C22.02
Local privilege escalation due to improper soft link handling.
local
low complexity
acronis CWE-610
7.8
2023-09-05 CVE-2023-32615 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Openautomationsoftware OAS Platform 18.00.0072
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072.
network
low complexity
openautomationsoftware CWE-610
8.1
2023-09-01 CVE-2023-4704 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Instantcms
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
network
low complexity
instantcms CWE-610
4.9
2023-08-31 CVE-2022-46868 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis Cyber Protect Home Office 39900/40107
Local privilege escalation during recovery due to improper soft link handling.
local
low complexity
acronis CWE-610
7.8