Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-17 | CVE-2022-42893 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). | 7.5 |
2022-10-14 | CVE-2021-27406 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Perfact Openvpn-Client An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. | 8.8 |
2022-09-13 | CVE-2022-39206 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Onedev Project Onedev Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. | 9.9 |
2022-09-06 | CVE-2022-2633 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Plugins360 All-In-One Video Gallery 2.5.8/2.5.9/2.6.0 The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. | 8.2 |
2022-08-10 | CVE-2022-20239 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited. Product: Android. Versions: Android SoC. Android ID: A-233972091 | 9.8 |
2022-07-28 | CVE-2016-0796 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mb.Miniaudioplayer Project Mb.Miniaudioplayer WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. | 7.5 |
2022-07-13 | CVE-2022-20223 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. | 7.2 |
2022-06-28 | CVE-2021-3779 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ruby-Mysql Project Ruby-Mysql A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. | 4.3 |
2022-06-02 | CVE-2022-24241 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aceware Aceweb Online Portal ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | 5.0 |
2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 7.8 |