Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2022-02-21 CVE-2022-22308 Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack.
local
low complexity
ibm CWE-829
7.8
2022-02-10 CVE-2022-23630 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development.
network
gradle CWE-829
6.0
2022-02-03 CVE-2021-41841 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Insyde Insydeh2O
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O.
local
low complexity
insyde CWE-829
7.2
2021-12-07 CVE-2021-42133 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ivanti Avalanche
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.
network
low complexity
ivanti CWE-829
5.5
2021-12-07 CVE-2021-29113 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Esri Arcgis Server 10.6.1/10.7.1/10.8.1
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.
network
low complexity
esri CWE-829
4.7
2021-11-30 CVE-2021-41256 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nextcloud News
nextcloud news-android is an Android client for the Nextcloud news/feed reader app.
network
nextcloud CWE-829
5.8
2021-11-24 CVE-2021-20843 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
3.5
2021-11-19 CVE-2021-41569 Inclusion of Functionality from Untrusted Control Sphere vulnerability in SAS Sas/Intrnet 9.4
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion.
network
low complexity
sas CWE-829
5.0
2021-11-14 CVE-2020-16152 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Extremenetworks Aerohive Netconfig 10.0R8A
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
network
low complexity
extremenetworks CWE-829
critical
10.0
2021-10-01 CVE-2021-33626 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer).
local
low complexity
insyde siemens CWE-829
4.6