CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

227 vulnerabilities with CWE-610
CVE-2022-2638 MEDIUM
WordPress Plugin <4.4 - Path Traversal
CVSS 6.5
CVE-2022-32761 MEDIUM
WWBN AVideo 11.6 and dev master - Arbitrary File Read via aVideoEncoderReceiveImage
CVSS 6.5
CVE-2022-28710 MEDIUM
WWBN AVideo <11.6 - Info Disclosure
CVSS 6.5
CVE-2022-20319 HIGH
Android 13 - Local Privilege Escalation via DreamServices Confused Deputy
CVSS 7.8
CVE-2022-20239 CRITICAL
Android - Improper Privilege Management via remap_pfn_range
CVSS 9.8
CVE-2022-30245 MEDIUM
Honeywell Alerton Compass Software <1.6.5 - Config Change
CVSS 6.5
CVE-2022-20223 HIGH
Android - Local Privilege Escalation via Confused Deputy in AppRestrictionsFragment
CVSS 7.8
CVE-2022-24241 HIGH
ACEweb Online Portal 3.5.065 - Path Traversal
CVSS 7.5
CVE-2022-20789 MEDIUM
Cisco Unified Communications Manager - Privilege Escalation
CVSS 4.9
CVE-2022-24854 HIGH
Metabase 0.41.0-0.41.6 - Unauthenticated Database Access via SQLite ATTACH DATABASE
CVSS 8.0
CVE-2021-27406 HIGH
PerFact OpenVPN-Client <1.4.1.0 - Privilege Escalation
CVSS 8.8
CVE-2021-3779 MEDIUM
ruby-mysql <2.10.0 - Info Disclosure
CVSS 6.5
CVE-2021-39787 HIGH
Android -12L - Privilege Escalation
CVSS 7.8
CVE-2021-39765 MEDIUM
Android 12L - Local Information Disclosure via Gallery Permission Bypass
CVSS 5.5
CVE-2021-39707 HIGH
Android - Local Privilege Escalation via Confused Deputy in AppRestrictionsFragment
CVSS 7.8
CVE-2021-39703 HIGH
Android 12 - Unauthorized File Access via UsbDeviceManager Confused Deputy
CVSS 7.8
CVE-2021-39668 HIGH
Android -11/12 - Privilege Escalation
CVSS 7.8
CVE-2021-39663 HIGH
Android 10 - Local Privilege Escalation via MediaProvider Path Permission Bypass
CVSS 7.8
CVE-2021-39626 HIGH
Android - Local Privilege Escalation via Bluetooth Settings Permission Bypass
CVSS 7.8
CVE-2021-1035 HIGH
Android - Local Privilege Escalation via BluetoothDevicePickerPreferenceController
CVSS 7.8
CVE-2021-3845 HIGH
ws_scrcpy < 0.7.1 - Path Traversal
CVSS 7.5
CVE-2021-43844 HIGH
MSEdgeRedirect < 0.5.0.1 - Remote Code Execution via Crafted URL Prompt
CVSS 8.8
CVE-2021-1003 HIGH
Android 12 - Unauthenticated Local Privilege Escalation via AudioService Volume Adjustment
CVSS 7.8
CVE-2021-44041 CRITICAL
UiPath Assistant 21.4.4 - Code Injection
CVSS 9.8
CVE-2021-43794 MEDIUM
Discourse < 2.7.11 - Cache Poisoning Denial of Service for Anonymous Users
CVSS 5.3