CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

227 vulnerabilities with CWE-610
CVE-2023-22616 HIGH
Insyde InsydeH2O 5.2-5.5 - SMRAM Corruption via IhisiSmm Driver Save State Register
CVSS 7.8
CVE-2023-20964 HIGH
Android - Intent Rebroadcast via MediaSessionRecord Confused Deputy
CVSS 7.8
CVE-2023-0003 MEDIUM
Palo Alto Networks Cortex XSOAR - Info Disclosure
CVSS 6.5
CVE-2022-23439 MEDIUM
Fortinet Products - Host Header Web Cache Poisoning
CVSS 4.7
CVE-2022-46869 HIGH
Acronis Cyber Protect Home Office <build 40278 - Privilege Escalation
CVSS 7.8
CVE-2022-46868 HIGH
Acronis Cyber Protect Home Office <40173 - Privilege Escalation
CVSS 7.8
CVE-2022-43513 HIGH
Automation License Manager - Unauth RCE
CVSS 8.2
CVE-2022-34669 HIGH
NVIDIA Virtual GPU < 11.11 and Cloud Gaming < 527.27 - Unauthenticated Arbitrary File Access
CVSS 8.8
CVE-2022-3032 MEDIUM
Thunderbird <102.2.1-<91.13.1 - XSS
CVSS 6.5
CVE-2022-20550 HIGH
Android 13 - Local Privilege Escalation via Confused Deputy in Activity Launch
CVSS 7.8
CVE-2022-20515 MEDIUM
Android 13 - Local Information Disclosure via AccountTypePreferenceLoader
CVSS 5.5
CVE-2022-20199 MEDIUM
Android 13 - Local Information Disclosure via NFC Tag Handling
CVSS 5.5
CVE-2022-45918 MEDIUM
ILIAS < 7.16 - Path Traversal
CVSS 6.5
CVE-2022-42893 HIGH
syngo Dynamics < VA40G HF01 - Path Traversal
CVSS 7.5
CVE-2022-42891 HIGH
syngo Dynamics < VA40G HF01 - Path Traversal
CVSS 7.5
CVE-2022-42734 HIGH
syngo Dynamics < VA40G HF01 - Path Traversal
CVSS 7.5
CVE-2022-42733 HIGH
syngo Dynamics < VA40G HF01 - Info Disclosure
CVSS 7.5
CVE-2022-42732 HIGH
syngo Dynamics < VA40G HF01 - Info Disclosure
CVSS 7.5
CVE-2022-44747 HIGH
Acronis Cyber Protect Home Office < 40107 - Local Privilege Escalation via Improper Soft Link Handling
CVSS 7.8
CVE-2022-43428 MEDIUM
Jenkins Compuware Topaz for Total Test Plugin <2.4.8 - Info Disclosure
CVSS 5.3
CVE-2022-43423 MEDIUM
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW P...
CVSS 5.3
CVE-2022-39206 CRITICAL
OneDev < 7.3.0 - Authenticated Remote Code Execution via Docker Socket Mount
CVSS 9.9
CVE-2022-27593 CRITICAL KEV
QNAP Photo Station < 5.2.14 - Arbitrary File Write
CVSS 10.0
CVE-2022-2633 HIGH
All-in-One Video Gallery <2.6.0 - SSRF
CVSS 7.5
CVE-2022-2431 HIGH
Download Manager <= 3.2.50 - Arbitrary File Deletion via 'file[files]' Parameter
CVSS 8.1