Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-07 | CVE-2021-42133 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ivanti Avalanche An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | 8.1 |
| 2021-12-07 | CVE-2021-29113 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Esri Arcgis Server A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. | 4.7 |
| 2021-11-24 | CVE-2021-20843 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page. | 5.4 |
| 2021-11-19 | CVE-2021-41569 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in SAS Sas/Intrnet 9.4 SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. | 7.5 |
| 2021-11-14 | CVE-2020-16152 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Extremenetworks Aerohive Netconfig 10.0R8A The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. | 9.8 |
| 2021-10-01 | CVE-2021-33626 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). | 7.8 |
| 2021-09-10 | CVE-2021-38360 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wp-Publications Project Wp-Publications The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. | 9.8 |
| 2021-08-13 | CVE-2021-34398 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nvidia Data Center GPU Manager NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service. | 7.8 |
| 2021-07-16 | CVE-2021-21804 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12 A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 9.8 |
| 2021-07-15 | CVE-2021-34692 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. | 7.8 |