Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-15 | CVE-2021-1003 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 12.0 In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. | 7.8 |
| 2021-12-14 | CVE-2021-44041 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Uipath Assistant 21.4.4 UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. | 9.8 |
| 2021-12-01 | CVE-2021-43794 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Discourse Discourse is an open source discussion platform. | 5.3 |
| 2021-12-01 | CVE-2021-43685 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Libretime HV 3.0.0 libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function. | 9.8 |
| 2021-10-22 | CVE-2021-0708 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. | 7.8 |
| 2021-09-20 | CVE-2020-8561 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes 1.20.11/1.21.5/1.22.2 A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. | 4.1 |
| 2021-09-20 | CVE-2021-25740 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | 3.1 |
| 2021-08-17 | CVE-2021-0591 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. | 7.3 |
| 2021-08-17 | CVE-2021-0593 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. | 7.8 |
| 2021-08-11 | CVE-2020-21363 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0 An arbitrary file deletion vulnerability exists within Maccms10. | 6.5 |