CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

227 vulnerabilities with CWE-610
CVE-2023-49862 MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_gifimage Parameter
CVSS 6.5
CVE-2023-6569 HIGH
h2o - Path Traversal
CVSS 8.2
CVE-2023-6618 MEDIUM
SourceCodester Simple Student Attendance System 1.0 - File Inclusion
CVSS 5.5
CVE-2023-5247 HIGH
Mitsubishi Electric GX Works3 - Malicious Code Execution via Crafted Project File
CVSS 7.8
CVE-2023-40194 HIGH
Foxit Reader 12.1.3.15356 - Code Injection
CVSS 8.8
CVE-2023-39542 HIGH
Foxit Reader 12.1.3.15356 - Remote Code Execution via JavaScript saveAs API
CVSS 8.8
CVE-2023-35985 HIGH
Foxit Reader 12.1.3.15356 - Code Injection
CVSS 8.8
CVE-2023-34982 MEDIUM
AVEVA Batch Management < 2020 - Authenticated Denial of Service via File Deletion
CVSS 5.5
CVE-2023-40139 MEDIUM
Android - Local Information Disclosure via FillUi Confused Deputy
CVSS 5.5
CVE-2023-4089 LOW
WAGO Compact Controller 100 Firmware 19-25 - Authenticated Local File Inclusion via Undocumented Mechanism
CVSS 2.7
CVE-2023-44209 HIGH
Acronis Cyber Protect Cloud Agent and Cyber Protect 17 - Local Privilege Escalation via Improper Soft Link Handling
CVSS 7.8
CVE-2023-32615 MEDIUM
Open Automation Software OAS Platform <18.00.0072 - File Write
CVSS 6.5
CVE-2023-4704 MEDIUM
instantsoft/icms2 <2.16.1 - Elevation of Privilege
CVSS 4.9
CVE-2023-35838 MEDIUM
WireGuard 0.5.3 - Privilege Escalation
CVSS 5.7
CVE-2023-37856 MEDIUM
PHOENIX CONTACT WP 6xxx - Info Disclosure
CVSS 4.3
CVE-2023-37855 MEDIUM
PHOENIX CONTACT WP 6xxx - Info Disclosure
CVSS 4.3
CVE-2023-38046 MEDIUM
Palo Alto Networks PAN-OS - Info Disclosure
CVSS 5.5
CVE-2023-3256 HIGH
Advantech R-SeeNet <2.4.22 - Info Disclosure
CVSS 8.8
CVE-2023-33188 MEDIUM
Omni-notes < 6.2.6 - Unintended File Copy via Insufficient Path Validation
CVSS 6.3
CVE-2023-32076 MEDIUM
in-toto < 1.4.0 - Configuration Manipulation via .in_totorc File
CVSS 5.5
CVE-2023-0008 MEDIUM
Palo Alto Networks PAN-OS - Info Disclosure
CVSS 4.4
CVE-2023-30943 MEDIUM
Moodle 4.1.0-4.1.2 - Unauthenticated Arbitrary Folder Creation via TinyMCE Loader
CVSS 6.5
CVE-2023-0045 MEDIUM
Linux Kernel 3.16.68-3.17 - Branch Target Injection via prctl Syscall
CVSS 4.7
CVE-2023-21097 HIGH
Android 11-13 - Local Privilege Escalation via Intent toUriInner Confused Deputy
CVSS 7.8
CVE-2023-2152 MEDIUM
SourceCodester Student Study Center Desk Management System 1.0 - Fi...
CVSS 5.3