Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-17 | CVE-2022-42733 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-11-17 | CVE-2022-42734 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-11-17 | CVE-2022-42891 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-11-17 | CVE-2022-42893 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
| 2022-10-14 | CVE-2021-27406 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Perfact Openvpn-Client 1.4.1.0 An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. | 8.8 |
| 2022-09-08 | CVE-2022-27593 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Qnap Photo Station An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. | 9.1 |
| 2022-09-06 | CVE-2022-2431 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. | 8.8 |
| 2022-09-06 | CVE-2022-2633 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Plugins360 All-In-One Video Gallery 2.5.8/2.5.9/2.6.0 The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. | 8.2 |
| 2022-08-29 | CVE-2022-2638 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Atlasgondal Export ALL Urls The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. | 6.5 |
| 2022-08-22 | CVE-2022-28710 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo 11.6 An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 6.5 |