CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

227 vulnerabilities with CWE-610
CVE-2020-25161 HIGH
WebAccess/SCADA <9.0 - Code Injection
CVSS 8.8
CVE-2020-6105 HIGH
f2fs-tools < 1.14.0 - Remote Code Execution via Malicious Filesystem
CVSS 7.8
CVE-2020-0345 HIGH
Android 11 - Local Privilege Escalation via DocumentsUI Permission Bypass
CVSS 7.8
CVE-2020-0267 HIGH
Android 11 - Unauthenticated App Launch Spoofing via WindowManager Confused Deputy
CVSS 7.8
CVE-2020-8226 MEDIUM
phpBB <3.2.10 and <3.3.1 - Server-Side Request Forgery via Remote Image Dimensions Check
CVSS 5.8
CVE-2020-5412 MEDIUM
Spring Cloud Netflix <2.2.4-2.1.6 - SSRF
CVSS 6.5
CVE-2020-8553 MEDIUM
Kubernetes ingress-nginx <0.28.0 - Privilege Escalation
CVSS 5.9
CVE-2020-14057 CRITICAL
Monsta FTP < 2.10.1 - Arbitrary File Read and Write via Path Traversal
CVSS 9.8
CVE-2020-0210 HIGH
Android 10 - Permissions Bypass in AccountManager.java
CVSS 7.8
CVE-2020-5297 LOW
OctoberCMS 1.0.319-1.0.465 - Authenticated Arbitrary File Upload via Asset Manager
CVSS 3.4
CVE-2020-5296 MEDIUM
OctoberCMS <1.0.466 - Privilege Escalation
CVSS 6.2
CVE-2020-2009 HIGH
Palo Alto Networks PAN-OS <8.1.14, <9.0.7 - Remote Code Execution
CVSS 7.2
CVE-2020-9752 CRITICAL
Naver Cloud Explorer <2.2.2.11 - Privilege Escalation
CVSS 9.8
CVE-2019-7290 CRITICAL
Shortcuts < 2.1.3 - Sandbox Restriction Bypass
CVSS 10.0
CVE-2019-3996 MEDIUM
elog < 3.1.4-57bea22 - Unauthenticated HTTP Request Smuggling via Crafted POST Requests
CVSS 6.5
CVE-2019-15744 LOW
Sony Xperia XZs - Privilege Escalation
CVSS 3.3
CVE-2019-15743 MEDIUM
Sony Xperia Touch - Privilege Escalation
CVSS 5.5
CVE-2019-15475 MEDIUM
Xiaomi Mi A3 Firmware - Unauthorized Microphone Audio Recording via Confused Deputy Attack
CVSS 5.5
CVE-2019-15474 MEDIUM
Xiaomi Cepheus Android - Info Disclosure
CVSS 5.5
CVE-2019-15473 MEDIUM
Xiaomi Mi A2 Lite - Privilege Escalation
CVSS 5.5
CVE-2019-15472 MEDIUM
Xiaomi Mi A2 Lite - Info Disclosure
CVSS 5.5
CVE-2019-15468 MEDIUM
Xiaomi Mi A2 Lite - Confused Deputy
CVSS 5.5
CVE-2019-15467 LOW
Xiaomi Mi Mix 2S Firmware - Unauthorized Wireless Settings Modification via Confused Deputy Attack
CVSS 3.3
CVE-2019-15466 LOW
Xiaomi Redmi 6 Pro - Confused Deputy
CVSS 3.3
CVE-2019-15429 HIGH
Panasonic ELUGA_I9 - Command Injection
CVSS 7.8