CWE-610
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
220 vulnerabilities with CWE-610
CVE-2019-15421
LOW
Blackview BV7000_Pro - Confused Deputy
CVSS 3.3
CVE-2019-15420
LOW
Blackview BV9000Pro-F - Confused Deputy
CVSS 3.3
CVE-2019-15419
HIGH
Asus ASUS_X015_1 - Command Injection
CVSS 7.8
CVE-2019-15418
HIGH
Asus ASUS_X00K_1 - Command Injection
CVSS 7.8
CVE-2019-15415
LOW
Xiaomi Redmi 5 - Info Disclosure
CVSS 3.3
CVE-2019-15405
HIGH
Asus ASUS_X00K_1 - Command Injection
CVSS 7.8
CVE-2019-15394
HIGH
Asus ZenFone 5 Selfie - Confused Deputy
CVSS 7.8
CVE-2019-15393
LOW
Asus ZenFone Live - Confused Deputy
CVSS 3.3
CVE-2018-12475
MEDIUM
openSUSE Open Build Service - SSRF
CVSS 6.5
CVE-2018-7824
MEDIUM
Schneider Electric Modbus Serial Driver - Privilege Escalation
CVSS 4.9
CVE-2018-9582
HIGH
Android <9 - Privilege Escalation
CVSS 7.8
CVE-2018-12381
MEDIUM
Firefox ESR < 60.2 - XSS
CVSS 5.3
CVE-2017-18357
MEDIUM
Shopware < 5.3.4 - XXE
CVSS 6.5
CVE-2017-16088
CRITICAL
safe-eval - Code Injection
CVSS 10.0
CVE-2017-15269
MEDIUM
PSFTPd 10.0.4 Build 729 - DoS
CVSS 4.3
CVE-2017-0211
MEDIUM
Microsoft Windows OLE - Privilege Escalation
CVSS 5.5
CVE-2016-0796
HIGH
WordPress Plugin mb.miniAudioPlayer - Open Proxy
CVSS 7.5
CVE-2015-10142
MEDIUM
Sitecore XP <8.0 - Info Disclosure
CVE-2015-10003
MEDIUM
FileZilla Server <0.9.50 - Info Disclosure
CVSS 4.3
CVE-2014-125044
MEDIUM
soshtolsus wing-tight <1.0.0 - File Inclusion
CVSS 6.3
Details
Vulnerabilities
220