Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2021-39668 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0/12.0 In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. | 7.8 |
2022-01-14 | CVE-2021-1035 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/12.0 In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. | 7.8 |
2022-01-14 | CVE-2021-39626 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. | 7.8 |
2021-12-15 | CVE-2021-1003 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. | 7.8 |
2021-12-14 | CVE-2021-44041 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Uipath Assistant 21.4.4 UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. | 9.8 |
2021-12-01 | CVE-2021-43685 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Libretime HV 3.0.0 libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function. | 9.8 |
2021-10-22 | CVE-2021-0708 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. | 7.8 |
2021-09-20 | CVE-2020-8561 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes 1.20.11/1.21.5/1.22.2 A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. | 4.1 |
2021-09-20 | CVE-2021-25740 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | 3.1 |
2021-08-17 | CVE-2021-0591 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. | 7.3 |