Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2021-12-07 CVE-2021-42133 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ivanti Avalanche
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.
network
low complexity
ivanti CWE-829
5.5
2021-11-30 CVE-2021-41256 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nextcloud News
nextcloud news-android is an Android client for the Nextcloud news/feed reader app.
network
nextcloud CWE-829
5.8
2021-11-24 CVE-2021-20843 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
3.5
2021-11-19 CVE-2021-41569 Inclusion of Functionality from Untrusted Control Sphere vulnerability in SAS Sas/Intrnet 9.4
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion.
network
low complexity
sas CWE-829
5.0
2021-11-14 CVE-2020-16152 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Extremenetworks Aerohive Netconfig 10.0R8A
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
network
low complexity
extremenetworks CWE-829
critical
10.0
2021-10-01 CVE-2021-33626 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Insyde Insydeh2O
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory.
local
low complexity
insyde CWE-829
4.6
2021-09-10 CVE-2021-38360 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wp-Publications Project Wp-Publications
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.
network
low complexity
wp-publications-project CWE-829
7.5
2021-09-07 CVE-2021-32802 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nextcloud
Nextcloud server is an open source, self hosted personal cloud.
network
low complexity
nextcloud CWE-829
critical
10.0
2021-08-13 CVE-2021-34398 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nvidia Data Center GPU Manager
NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.
local
low complexity
nvidia CWE-829
7.2
2021-07-16 CVE-2021-21804 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-829
7.5