Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-13 | CVE-2022-20223 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. | 7.2 |
| 2022-06-28 | CVE-2021-3779 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ruby-Mysql Project Ruby-Mysql A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. | 4.3 |
| 2022-06-02 | CVE-2022-24241 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aceware Aceweb Online Portal ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | 5.0 |
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 7.8 |
| 2022-04-21 | CVE-2022-20789 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cisco Unified Communications Manager 12.5(1)/14.0 A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. | 6.5 |
| 2022-04-14 | CVE-2022-24854 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Metabase Metabase is an open source business intelligence and analytics application. | 6.5 |
| 2022-03-30 | CVE-2021-39765 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.1 In Gallery, there is a possible permission bypass due to a confused deputy. | 2.1 |
| 2022-03-30 | CVE-2021-39787 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. | 9.3 |
| 2022-03-16 | CVE-2021-39703 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. | 7.2 |
| 2022-03-16 | CVE-2021-39707 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/11.0/12.0 In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. | 7.2 |