Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-08 | CVE-2022-27593 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Qnap Photo Station An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. | 9.1 |
| 2022-09-06 | CVE-2022-2431 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. | 8.8 |
| 2022-09-06 | CVE-2022-2633 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Plugins360 All-In-One Video Gallery 2.5.8/2.5.9/2.6.0 The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. | 8.2 |
| 2022-08-29 | CVE-2022-2638 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Atlasgondal Export ALL Urls The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. | 6.5 |
| 2022-08-22 | CVE-2022-28710 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo 11.6 An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 6.5 |
| 2022-08-22 | CVE-2022-32761 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo 11.6 An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 6.5 |
| 2022-08-12 | CVE-2022-20319 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 13.0 In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. | 7.8 |
| 2022-08-10 | CVE-2022-20239 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091 | 9.8 |
| 2022-07-28 | CVE-2016-0796 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mb.Miniaudioplayer Project Mb.Miniaudioplayer WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. | 7.5 |
| 2022-07-17 | CVE-2015-10003 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Filezilla-Project Filezilla Server A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. | 4.3 |