CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
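The two forms this weakness takes most often in the entries below are an externally supplied file name that resolves outside the directory the application meant to serve (path traversal, file inclusion, symlink escape) and an externally supplied URL that sends the user or the server to a host outside the application's own (open redirect, SSRF). The following is an added example written for this page, not code from MITRE or from any of the listed projects; it shows the naive reader beside one that re-checks the resolved path after symlinks are followed, and a redirect-target check against an allowlist. The sandbox layout, the secret file, the allowed host `app.example.com` and all sample inputs are constructed for the demonstration.

```python
"""CWE-610 in practice: an external reference that escapes its sphere.

Added example, not from the CWE entry or any listed project. All paths,
hosts and inputs below are constructed for the demonstration.
"""
import os
import shutil
import tempfile
from urllib.parse import urlsplit


def read_unsafe(base_dir: str, name: str) -> bytes:
    """Vulnerable: the caller controls `name`. os.path.join accepts '..'
    segments and discards `base_dir` entirely when `name` is absolute, and
    open() follows symlinks, so the file actually read can be anywhere."""
    with open(os.path.join(base_dir, name), "rb") as fh:
        return fh.read()


def resolve_in_sphere(base_dir: str, name: str) -> str:
    """Resolve `name` under `base_dir` and refuse anything that lands
    outside it *after* symlinks are followed. The real path is what the
    kernel will open, so that is what must be compared. commonpath() is
    used instead of startswith() so that '/srv/uploads2' is not accepted
    as being inside '/srv/uploads'."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"reference {name!r} escapes {base_dir!r}")
    return target


def read_safe(base_dir: str, name: str) -> bytes:
    with open(resolve_in_sphere(base_dir, name), "rb") as fh:
        return fh.read()


# Assumed allowlist of hosts the application may redirect to.
ALLOWED_REDIRECT_HOSTS = {"app.example.com"}


def safe_redirect_target(url: str, default: str = "/") -> str:
    """The same weakness aimed at a URL (open redirect): an attacker-chosen
    `next=` value resolves to a host outside the application. Accept only
    a local path (no scheme, no authority, no backslashes some browsers
    rewrite to '/') or an absolute http(s) URL on an allowlisted host."""
    parts = urlsplit(url)
    if (parts.scheme == "" and parts.netloc == "" and url.startswith("/")
            and not url.startswith("//") and "\\" not in url):
        return url
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return url
    return default


def demo() -> dict:
    """Build a sandbox with one public file, a secret file outside the
    sandbox, and a symlink inside the sandbox pointing at the secret; then
    run both readers over the same attacker-style inputs."""
    root = tempfile.mkdtemp()
    try:
        sandbox = os.path.join(root, "uploads")
        os.mkdir(sandbox)
        with open(os.path.join(sandbox, "hello.txt"), "wb") as fh:
            fh.write(b"public")
        secret = os.path.join(root, "secret.txt")
        with open(secret, "wb") as fh:
            fh.write(b"SECRET")
        os.symlink(secret, os.path.join(sandbox, "link.txt"))

        inputs = {
            "plain": "hello.txt",        # legitimate reference
            "traversal": "../secret.txt",  # '..' escape
            "symlink": "link.txt",       # in-sphere name, out-of-sphere target
            "absolute": secret,          # absolute path overrides base_dir
        }
        results = {"unsafe": {}, "safe": {}}
        for label, name in inputs.items():
            for kind, reader in (("unsafe", read_unsafe), ("safe", read_safe)):
                try:
                    results[kind][label] = reader(sandbox, name)
                except OSError as exc:  # PermissionError is an OSError
                    results[kind][label] = type(exc).__name__
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for kind, outcome in demo().items():
        print(kind, outcome)
    print(safe_redirect_target("//evil.example/"))
```

The check in `resolve_in_sphere` is deliberately done on the resolved path rather than on the user-supplied string: rejecting `..` textually does nothing against the symlink case, which is exactly how several of the file-write and file-read entries on this page were reached.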

227 vulnerabilities with CWE-610
CVE-2024-52792 MEDIUM
LDAP Account Manager - Config Injection
CVSS 6.5
CVE-2024-10979 HIGH
PostgreSQL <17.1-12.21 - Code Injection
CVSS 8.8
CVE-2024-5823 CRITICAL
gaizhenbiao/chuanhuchatgpt <= 20240410 - File Overwrite and Denial of Service via Configuration File Tampering
CVSS 9.1
CVE-2024-47773 HIGH
Discourse < 3.3.2 - Unauthenticated Cache Poisoning via XHR Requests
CVSS 8.2
CVE-2024-45826 MEDIUM
Rockwell Automation ThinManager 13.1.0-13.1.2 - Path Traversal and Remote Code Execution via Crafted POST Request
CVSS 6.8
CVE-2024-8207 MEDIUM
MongoDB Server <5.0.14 - Privilege Escalation
CVSS 6.4
CVE-2024-7911 MEDIUM
SourceCodester Simple Online Bidding System 1.0 - File Inclusion
CVSS 6.3
CVE-2024-7625 MEDIUM
HashiCorp Nomad <1.6.13-1.8.2 - Write Outside Allocation Directory
CVSS 5.8
CVE-2024-6079 MEDIUM
Rockwell Automation Emulate3D - DLL Hijacking
CVE-2024-28962 MEDIUM
Dell Command | Update, Dell Update, and Alienware Update UWP < 5.4 - Unauthenticated Denial of Service
CVSS 6.5
CVE-2024-29069 MEDIUM
snapd < 2.62 - Unauthenticated Arbitrary File Read via Malicious Snap Symbolic Links
CVSS 4.8
CVE-2024-6717 HIGH
HashiCorp Nomad <1.7.9 - Path Traversal
CVSS 7.7
CVE-2024-31319 HIGH
Android - Local Privilege Escalation via Notification Channel Update Confused Deputy
CVSS 7.8
CVE-2024-38049 MEDIUM
Windows Distributed Transaction Coordinator - Remote Code Execution
CVSS 6.6
CVE-2024-28826 HIGH
Checkmk <2.3.0p4, <2.2.0p27, <2.1.0p44, 2.0.0 - Path Traversal
CVSS 8.8
CVE-2024-32980 CRITICAL
Spin < 2.4.3 - Server-Side Request Forgery via Host Header
CVSS 9.1
CVE-2024-24818 MEDIUM
EspoCRM < 8.1.2 - Open Redirect via Password Change Page
CVSS 5.9
CVE-2024-25117 MEDIUM
php-svg-lib <0.5.2 - Remote Code Execution via PHAR font-family URL
CVSS 6.8
CVE-2024-23639 MEDIUM
Micronaut Framework - Info Disclosure
CVSS 5.1
CVE-2024-1329 HIGH
HashiCorp Nomad 1.5.13-1.6.6 and 1.7.3 - Arbitrary File Write via Symlink Attack
CVSS 7.7
CVE-2024-24760 HIGH
mailcow <2024-01c - Info Disclosure
CVSS 8.8
CVE-2024-0728 MEDIUM
ForU CMS <2020-06-23 - File Inclusion
CVSS 4.7
CVE-2023-6154 HIGH
Bitdefender Antivirus 27.0.25.114 - Uncontrolled Search Path Element in seccenter.exe
CVSS 7.8
CVE-2023-49864 MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_image Parameter
CVSS 6.5
CVE-2023-49863 MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_webpimage Parameter
CVSS 6.5