CWE-610
235 CVEs • Abstraction: Class
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
CVEs (235)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app...Show more |
The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymod...Show more |
The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defc...Show more |
1Asus 2Pegasus 4 Max Firmware Pegasus 4a FirmwareJun 17, 2026 Nov 14, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defc...Show more |
The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1,...Show more |
1Asus 2Pegasus 4 Max Firmware Pegasus 4a FirmwareJun 17, 2026 Nov 14, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploade...Show more |
1Asus 1Zenfone 5 Selfie Firmware Jun 17, 2026 Nov 14, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.sm...Show more |
The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmite...Show more |
1Schneider Electric 2Driver Suite Modbus Serial DriverJun 17, 2026 May 22, 2019 N/A· v4 4.9 MEDIUM· v3 6.8 MEDIUM· v2 An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and a...Show more |
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additio...Show more |
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a...Show more |
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operati...Show more |
1Safe Eval Project 1Safe Eval Nov 21, 2024 Jun 7, 2018 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. |
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server. |
1Microsoft 5Windows 10 Windows 8.1Windows Rt 8.1+2 moreMay 13, 2026 Apr 12, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity...Show more |