Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-15 | CVE-2022-30245 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Honeywell Alerton Compass 1.6.5 Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. | 6.5 |
2022-07-13 | CVE-2022-20223 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. | 7.8 |
2022-06-28 | CVE-2021-3779 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ruby-Mysql Project Ruby-Mysql A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. | 6.5 |
2022-06-02 | CVE-2022-24241 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aceware Aceweb Online Portal 3.5.065 ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | 7.5 |
2022-04-21 | CVE-2022-20789 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cisco Unified Communications Manager 12.5(1)/14.0 A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. | 6.5 |
2022-03-30 | CVE-2021-39765 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.1 In Gallery, there is a possible permission bypass due to a confused deputy. | 5.5 |
2022-03-30 | CVE-2021-39787 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. | 7.8 |
2022-03-16 | CVE-2021-39703 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. | 7.8 |
2022-03-16 | CVE-2021-39707 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/11.0/12.0 In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. | 7.8 |
2022-02-11 | CVE-2021-39663 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0 In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. | 7.8 |