Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-20 | CVE-2020-8561 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes 1.20.11/1.21.5/1.22.2 A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. | 4.0 |
| 2021-09-20 | CVE-2021-25740 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | 3.5 |
| 2021-08-17 | CVE-2021-0591 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. | 6.8 |
| 2021-08-17 | CVE-2021-0593 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. | 4.6 |
| 2021-08-11 | CVE-2020-21363 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0 An arbitrary file deletion vulnerability exists within Maccms10. | 5.5 |
| 2021-08-10 | CVE-2020-23171 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nim-Lang A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. | 4.3 |
| 2021-08-05 | CVE-2021-32576 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis True Image 2021 Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). | 4.6 |
| 2021-08-05 | CVE-2021-32578 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis True Image 2021 Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). | 4.6 |
| 2021-07-23 | CVE-2021-32783 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Projectcontour Contour Contour is a Kubernetes ingress controller using Envoy proxy. | 5.5 |
| 2021-07-20 | CVE-2021-32773 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Racket-Lang Racket Racket is a general-purpose programming language and an ecosystem for language-oriented programming. | 5.0 |