Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-03 | CVE-2021-41841 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Insyde Insydeh2O An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. | 8.2 |
| 2021-12-07 | CVE-2021-42133 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ivanti Avalanche An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | 8.1 |
| 2021-12-07 | CVE-2021-29113 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Esri Arcgis Server A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. | 4.7 |
| 2021-11-30 | CVE-2021-41256 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nextcloud News nextcloud news-android is an Android client for the Nextcloud news/feed reader app. | 7.1 |
| 2021-11-24 | CVE-2021-20843 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page. | 5.4 |
| 2021-11-19 | CVE-2021-41569 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in SAS Sas/Intrnet 9.4 SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. | 7.5 |
| 2021-11-14 | CVE-2020-16152 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Extremenetworks Aerohive Netconfig 10.0R8A The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. | 9.8 |
| 2021-10-01 | CVE-2021-33626 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). | 7.8 |
| 2021-09-10 | CVE-2021-38360 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wp-Publications Project Wp-Publications The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. | 9.8 |
| 2021-09-07 | CVE-2021-32802 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nextcloud Server Nextcloud server is an open source, self hosted personal cloud. | 9.8 |