Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2021-39663 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0 In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. | 7.2 |
| 2022-02-11 | CVE-2021-39668 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0/12.0 In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. | 7.2 |
| 2022-01-14 | CVE-2021-1035 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/12.0 In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. | 7.2 |
| 2022-01-14 | CVE-2021-39626 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. | 7.2 |
| 2021-12-20 | CVE-2021-43844 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Msedgeredirect Project Msedgeredirect MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. | 9.3 |
| 2021-12-15 | CVE-2021-1003 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. | 4.6 |
| 2021-12-14 | CVE-2021-44041 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Uipath Assistant 21.4.4 UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. | 10.0 |
| 2021-12-01 | CVE-2021-43794 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Discourse Discourse is an open source discussion platform. | 5.0 |
| 2021-12-01 | CVE-2021-43685 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Libretime HV 3.0.0 libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function. | 7.5 |
| 2021-10-22 | CVE-2021-0708 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. | 7.2 |