CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

227 vulnerabilities with CWE-610
CVE-2021-43685 CRITICAL
libretime hv3.0.0-alpha.10 - Path Traversal
CVSS 9.8
CVE-2021-41244 CRITICAL
Grafana 8.0.0-8.2.3 - Unauthorized Role Modification via Fine-Grained Access Control
CVSS 9.1
CVE-2021-0708 HIGH
Android 8.1-11 - Unauthenticated System File Deletion via ActivityManagerShellCommand
CVSS 7.8
CVE-2021-25740 LOW
Kubernetes - Confused Deputy Network Access
CVSS 3.1
CVE-2021-0593 HIGH
Android - Local Privilege Escalation via Confused Deputy in DevicePickerFragment
CVSS 7.8
CVE-2021-0591 HIGH
Android 8.1-11 - Authenticated Privileged Broadcast Receiver Invocation via BluetoothPermissionActivity
CVSS 7.3
CVE-2021-32578 HIGH
Acronis True Image - Local Privilege Escalation via Improper Soft Link Handling
CVSS 7.8
CVE-2021-32576 HIGH
Acronis True Image - Local Privilege Escalation via Soft Link Handling
CVSS 7.8
CVE-2021-32783 HIGH
Contour < 1.17.1 and >= 0 < 1.14.2 - Unauthenticated Denial of Service via ExternalName Service
CVSS 8.5
CVE-2021-32773 MEDIUM
Racket < 8.2 - Unintended Proxy or Intermediary via Sandbox Module Dependency Confusion
CVSS 6.1
CVE-2021-0599 MEDIUM
Android 8.1-11 - Local Information Disclosure via Confused Deputy in NotificationRecord
CVSS 5.5
CVE-2021-26920 MEDIUM
Apache Druid < 0.22.0 and druid-core < 0.21.0 - Authenticated Arbitrary File Read via HTTP InputSource
CVSS 6.5
CVE-2021-29965 MEDIUM
Firefox < 89.0 - Password Manager Spoofing via HTTP Authentication Dialog
CVSS 5.3
CVE-2021-0608 HIGH
Android - Arbitrary Activity Launch via Confused Deputy in AppLaunchActivity
CVSS 7.8
CVE-2021-0550 HIGH
Android 11 - Local Privilege Escalation via Confused Deputy in AnnotateActivity
CVSS 7.8
CVE-2021-0536 HIGH
WiFiInstaller - Privilege Escalation
CVSS 7.8
CVE-2021-1306 MEDIUM
Cisco EPN Manager, ISE, Prime Infrastructure - Path Traversal
CVSS 4.4
CVE-2021-27648 CRITICAL
Synology Antivirus Essential <1.4.8-2801 - Privilege Escalation
CVSS 9.0
CVE-2021-30245 HIGH
Apache OpenOffice <4.1.8 - Code Injection
CVSS 8.8
CVE-2021-27183 HIGH
MDaemon < 20.0.4 - Authenticated Arbitrary File Write via Remote Administration
CVSS 7.2
CVE-2021-26711 MEDIUM
Redwood Report2Web 4.3.4.5 - Frame Injection via Online Help turl Parameter
CVSS 5.3
CVE-2020-36772 MEDIUM
CloudLinux CageFS <7.0.8.2 - Info Disclosure
CVSS 4.4
CVE-2020-8561 MEDIUM
Kubernetes API Server - Server-Side Request Forgery via Webhook Response Redirects
CVSS 4.1
CVE-2020-21363 MEDIUM
Maccms - Arbitrary File Deletion
CVSS 6.5
CVE-2020-23171 MEDIUM
nim-lang - Unauthenticated Arbitrary File Write via Dot-Slash in Zip File
CVSS 5.5