Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-30 | CVE-2022-34669 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nvidia Cloud Gaming and Virtual GPU NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 7.8 |
| 2022-12-22 | CVE-2022-3032 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Thunderbird When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. | 6.5 |
| 2022-12-16 | CVE-2022-20199 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 13.0 In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. | 5.5 |
| 2022-12-07 | CVE-2022-45918 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ilias ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 |
| 2022-11-17 | CVE-2022-42732 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-11-17 | CVE-2022-42733 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-11-17 | CVE-2022-42734 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-11-17 | CVE-2022-42891 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-11-17 | CVE-2022-42893 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-10-14 | CVE-2021-27406 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Perfact Openvpn-Client 1.4.1.0 An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. | 8.8 |