CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

227 vulnerabilities with CWE-610
CVE-2019-15428 LOW
Xiaomi Mi Note 2 - Unauthorized Access
CVSS 3.3
CVE-2019-15427 LOW
Xiaomi Mi Mix <6.0.1 - Info Disclosure
CVSS 3.3
CVE-2019-15426 LOW
Xiaomi 5S Plus Firmware - Unauthorized Wireless Settings Modification via Confused Deputy Attack
CVSS 3.3
CVE-2019-15425 LOW
Kata M4s Firmware - Unauthorized Wireless Settings Modification via Confused Deputy Attack
CVSS 3.3
CVE-2019-15424 LOW
Doogee BL5000 Firmware - Unauthorized Wireless Settings Modification via Confused Deputy Attack
CVSS 3.3
CVE-2019-15423 LOW
Bluboo S1 Firmware - Unauthorized Wireless Settings Modification via Confused Deputy Attack
CVSS 3.3
CVE-2019-15422 LOW
Doogee Mix Firmware - Unauthorized Wireless Settings Modification via Confused Deputy Attack
CVSS 3.3
CVE-2019-15421 LOW
Blackview BV7000_Pro - Confused Deputy
CVSS 3.3
CVE-2019-15420 LOW
Blackview BV9000Pro-F - Confused Deputy
CVSS 3.3
CVE-2019-15419 HIGH
Asus ASUS_X015_1 - Command Injection
CVSS 7.8
CVE-2019-15418 HIGH
Asus ASUS_X00K_1 - Command Injection
CVSS 7.8
CVE-2019-15415 LOW
Xiaomi Redmi 5 Firmware - Unauthorized Wireless Settings Modification via Confused Deputy Attack
CVSS 3.3
CVE-2019-15405 HIGH
Asus ASUS_X00K_1 - Command Injection
CVSS 7.8
CVE-2019-15394 HIGH
Asus ZenFone 5 Selfie - Confused Deputy
CVSS 7.8
CVE-2019-15393 LOW
Asus ZenFone Live - Confused Deputy
CVSS 3.3
CVE-2018-12475 MEDIUM
openSUSE Open Build Service - Authenticated Server-Side Request Forgery via obs-service-download_files
CVSS 6.5
CVE-2018-7824 MEDIUM
Schneider Electric Modbus Serial Driver - Privilege Escalation
CVSS 4.9
CVE-2018-9582 HIGH
Android 8.0-9 - Local Privilege Escalation via Package Installer Confused Deputy
CVSS 7.8
CVE-2018-12381 MEDIUM
Firefox < 62 - URL Spoofing via Outlook Email Drag-and-Drop
CVSS 5.3
CVE-2017-18357 MEDIUM
Shopware < 5.3.4 - PHP Object Instantiation and XXE via ProductStream Controller
CVSS 6.5
CVE-2017-16088 CRITICAL
safe-eval - Sandbox Escape via Object Constructor Access
CVSS 10.0
CVE-2017-15269 MEDIUM
PSFTPd 10.0.4 Build 729 - FTP Bounce Scan Vulnerability
CVSS 4.3
CVE-2017-0211 MEDIUM
Microsoft Windows OLE - Privilege Escalation
CVSS 5.5
CVE-2016-0796 HIGH
WordPress Plugin mb.miniAudioPlayer - Open Proxy
CVSS 7.5
CVE-2015-10142 MEDIUM
Sitecore XP < 8.0 / CMS < 7.2 Update-3 / < 7.5 Update-1 - Arbitrary File Read