Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2021-39668 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0/12.0
In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy.
local
low complexity
google CWE-610
7.8
2022-01-14 CVE-2021-1035 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/12.0
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy.
local
low complexity
google CWE-610
7.8
2022-01-14 CVE-2021-39626 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy.
local
low complexity
google CWE-610
7.8
2021-12-15 CVE-2021-1003 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0
In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy.
local
low complexity
google CWE-610
7.8
2021-12-14 CVE-2021-44041 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Uipath Assistant 21.4.4
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://.
network
low complexity
uipath CWE-610
critical
9.8
2021-12-01 CVE-2021-43685 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Libretime HV 3.0.0
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.
network
low complexity
libretime CWE-610
critical
9.8
2021-10-22 CVE-2021-0708 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy.
local
low complexity
google CWE-610
7.8
2021-09-20 CVE-2020-8561 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes 1.20.11/1.21.5/1.22.2
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver.
network
low complexity
kubernetes CWE-610
4.1
2021-09-20 CVE-2021-25740 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
network
high complexity
kubernetes CWE-610
3.1
2021-08-17 CVE-2021-0591 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy.
local
low complexity
google CWE-610
7.3