Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-08 | CVE-2023-0003 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. | 6.5 |
| 2023-01-10 | CVE-2022-43513 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Automation License Manager A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). | 7.5 |
| 2023-01-05 | CVE-2014-125044 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wing-Tight Project Wing-Tight A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. | 9.8 |
| 2022-12-30 | CVE-2022-34669 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nvidia Cloud Gaming and Virtual GPU NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 7.8 |
| 2022-12-22 | CVE-2022-3032 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Thunderbird When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. | 6.5 |
| 2022-12-16 | CVE-2022-20199 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 13.0 In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. | 5.5 |
| 2022-12-07 | CVE-2022-45918 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ilias ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 |
| 2022-11-17 | CVE-2022-42732 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-11-17 | CVE-2022-42733 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-11-17 | CVE-2022-42734 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |