Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2022-10-18 CVE-2022-22246 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Juniper Junos
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file.
network
low complexity
juniper CWE-829
8.8
2022-07-12 CVE-2022-33701 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Google Android 10.0/11.0/12.0
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.
local
low complexity
google CWE-829
2.1
2022-07-08 CVE-2021-41037 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Eclipse Equinox P2
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation.
network
eclipse CWE-829
6.8
2022-05-24 CVE-2021-4229 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ua-Parser-Js Project Ua-Parser-Js 0.7.29/0.8.0/1.0.0
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0.
network
high complexity
ua-parser-js-project CWE-829
7.6
2022-05-11 CVE-2022-29845 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ipswitch Whatsup Gold 21.1.0/21.1.1/22.0.0
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
network
low complexity
ipswitch CWE-829
4.0
2022-04-14 CVE-2022-24824 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Discourse
Discourse is an open source platform for community discussion.
network
low complexity
discourse CWE-829
5.0
2022-04-11 CVE-2022-1161 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Rockwellautomation products
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems.
network
low complexity
rockwellautomation CWE-829
7.5
2022-03-15 CVE-2022-25485 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
network
cuppacms CWE-829
6.8
2022-03-15 CVE-2022-25486 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
local
low complexity
cuppacms CWE-829
7.8
2022-02-24 CVE-2022-24232 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
6.8