Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-14 | CVE-2021-0599 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. | 4.9 |
| 2021-07-02 | CVE-2021-26920 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Druid In the Druid ingestion system, the InputSource is used for reading data from a certain data source. | 6.5 |
| 2021-06-24 | CVE-2021-29965 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. | 4.3 |
| 2021-06-22 | CVE-2021-0536 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0 In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. | 4.6 |
| 2021-06-22 | CVE-2021-0550 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0 In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. | 4.6 |
| 2021-06-22 | CVE-2021-0608 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. | 4.6 |
| 2021-05-22 | CVE-2021-1306 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cisco Identity Services Engine A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. | 3.4 |
| 2021-04-28 | CVE-2021-27648 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Synology Antivirus Essential Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors. | 6.5 |
| 2021-04-15 | CVE-2021-30245 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Openoffice The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. | 8.8 |
| 2021-02-23 | CVE-2020-25161 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | 6.5 |