Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-42733 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01).
network
low complexity
siemens CWE-610
7.5
2022-11-17 CVE-2022-42734 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01).
network
low complexity
siemens CWE-610
7.5
2022-11-17 CVE-2022-42891 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01).
network
low complexity
siemens CWE-610
7.5
2022-11-17 CVE-2022-42893 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01).
network
low complexity
siemens CWE-610
7.5
2022-10-14 CVE-2021-27406 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Perfact Openvpn-Client
An attacker can leverage PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine, forcing the back-end server to initialize a new OpenVPN instance with an arbitrary OpenVPN configuration.
network
low complexity
perfact CWE-610
8.8
2022-09-13 CVE-2022-39206 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Onedev Project Onedev
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.
network
low complexity
onedev-project CWE-610
critical
9.9
2022-09-06 CVE-2022-2633 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Plugins360 All-In-One Video Gallery 2.5.8/2.5.9/2.6.0
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0.
network
low complexity
plugins360 CWE-610
8.2
2022-08-10 CVE-2022-20239 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, userspace may map the kernel area to be writable, which is easy to exploit. Product: Android. Versions: Android SoC. Android ID: A-233972091
network
low complexity
google CWE-610
critical
9.8
2022-07-28 CVE-2016-0796 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mb.Miniaudioplayer Project Mb.Miniaudioplayer
The WordPress plugin mb.miniAudioPlayer, an HTML5 audio player for your mp3 files, is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities, because it fails to properly verify user-supplied input.
network
low complexity
mb-miniaudioplayer-project CWE-610
7.5
2022-07-13 CVE-2022-20223 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy.
local
low complexity
google CWE-610
7.2