Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-30 | CVE-2021-39765 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.1 In Gallery, there is a possible permission bypass due to a confused deputy. | 5.5 |
| 2022-03-30 | CVE-2021-39787 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. | 7.8 |
| 2022-03-16 | CVE-2021-39703 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. | 7.8 |
| 2022-03-16 | CVE-2021-39707 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/11.0/12.0 In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. | 7.8 |
| 2022-02-11 | CVE-2021-39663 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0 In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. | 7.8 |
| 2022-02-11 | CVE-2021-39668 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0/12.0 In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. | 7.8 |
| 2022-01-14 | CVE-2021-1035 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/12.0 In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. | 7.8 |
| 2022-01-14 | CVE-2021-39626 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. | 7.8 |
| 2021-12-15 | CVE-2021-1003 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. | 7.8 |
| 2021-12-14 | CVE-2021-44041 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Uipath Assistant 21.4.4 UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. | 9.8 |