Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-40139 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. | 5.5 |
| 2023-10-17 | CVE-2023-4089 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wago products On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. | 2.7 |
| 2023-10-04 | CVE-2023-44209 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis Agent C22.02 Local privilege escalation due to improper soft link handling. | 7.8 |
| 2023-09-05 | CVE-2023-32615 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Openautomationsoftware OAS Platform 18.00.0072 A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. | 8.1 |
| 2023-09-01 | CVE-2023-4704 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Instantcms External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.9 |
| 2023-08-31 | CVE-2022-46869 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis Cyber Protect Home Office Local privilege escalation during installation due to improper soft link handling. | 7.8 |
| 2023-08-31 | CVE-2022-46868 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis Cyber Protect Home Office 39900/40107 Local privilege escalation during recovery due to improper soft link handling. | 7.8 |
| 2023-08-09 | CVE-2023-35838 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wireguard 0.5.3 The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. | 5.7 |
| 2023-08-09 | CVE-2023-37855 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser. | 4.3 |
| 2023-08-09 | CVE-2023-37856 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser . | 4.3 |