Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-17 | CVE-2021-0593 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android: In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. | 7.8 |
2021-08-11 | CVE-2020-21363 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0: An arbitrary file deletion vulnerability exists within Maccms10. | 6.5 |
2021-08-10 | CVE-2020-23171 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nim-Lang: A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. | 5.5 |
2021-08-05 | CVE-2021-32576 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis True Image 2021: Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). | 7.8 |
2021-08-05 | CVE-2021-32578 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis True Image 2021: Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). | 7.8 |
2021-07-23 | CVE-2021-32783 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Projectcontour Contour: Contour is a Kubernetes ingress controller using Envoy proxy. | 8.5 |
2021-07-20 | CVE-2021-32773 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Racket-Lang Racket: Racket is a general-purpose programming language and an ecosystem for language-oriented programming. | 7.5 |
2021-07-14 | CVE-2021-0599 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android: In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. | 5.5 |
2021-07-02 | CVE-2021-26920 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Druid: In the Druid ingestion system, the InputSource is used for reading data from a certain data source. | 6.5 |
2021-06-24 | CVE-2021-29965 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox: A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. | 5.3 |