Vulnerabilities > Unintended Proxy or Intermediary ('Confused Deputy')

DATE CVE VULNERABILITY TITLE RISK
2019-03-27 CVE-2018-12182 Confused Deputy vulnerability in Tianocore EDK II
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
local
low complexity
tianocore CWE-441
6.7
2019-02-20 CVE-2019-3924 Confused Deputy vulnerability in Mikrotik Routeros
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability.
network
low complexity
mikrotik CWE-441
7.5
2018-12-06 CVE-2018-16598 Confused Deputy vulnerability in Amazon web Services Freertos and Freertos
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component.
network
high complexity
amazon CWE-441
5.9
2018-08-01 CVE-2018-1999038 Confused Deputy vulnerability in Jenkins Publish Over Cifs
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.
network
high complexity
jenkins CWE-441
4.2
2017-04-13 CVE-2015-2947 Confused Deputy vulnerability in Grabacr.Net Kancolleviewer 3.8.1
KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic.
network
low complexity
grabacr-net CWE-441
critical
9.1