Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-06 | CVE-2019-8154 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 8.8 |
| 2019-10-31 | CVE-2013-1945 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ruby-Lang Ruby193 ruby193 uses an insecure LD_LIBRARY_PATH setting. | 3.3 |
| 2019-09-27 | CVE-2019-11742 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. | 6.5 |
| 2019-09-09 | CVE-2019-10666 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Librenms An issue was discovered in LibreNMS through 1.47. | 8.1 |
| 2019-09-03 | CVE-2019-5479 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Larvit Larvitbase An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). | 7.5 |
| 2019-08-30 | CVE-2019-15839 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Sinaextra Sina Extension for Elementor The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | 7.5 |
| 2019-07-14 | CVE-2019-13589 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Anjlab Paranoid2 1.1.6 The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 9.8 |
| 2019-07-11 | CVE-2019-4263 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. | 4.3 |
| 2019-04-29 | CVE-2019-11591 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Web-Dorado Contact Form The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |
| 2019-04-29 | CVE-2019-11590 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in 10Web Form Maker The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |