Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2021-26272 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). | 6.5 |
| 2021-01-26 | CVE-2021-26271 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). | 6.5 |
| 2020-11-25 | CVE-2020-29072 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Liquidfiles A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. | 6.1 |
| 2020-09-19 | CVE-2020-25788 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tt-Rss Tiny RSS 17.4 An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. | 8.1 |
| 2020-08-11 | CVE-2020-13175 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Teradici products The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. | 7.5 |
| 2020-06-15 | CVE-2020-13651 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Digdash 2018R2/2019R1/2019R2 An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. | 7.8 |
| 2020-06-09 | CVE-2020-13977 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. | 4.9 |
| 2020-06-03 | CVE-2020-5295 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Octobercms October In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. | 4.9 |
| 2020-04-01 | CVE-2020-10865 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Avast Antivirus An issue was discovered in Avast Antivirus before 20. | 7.5 |
| 2020-03-25 | CVE-2020-3794 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Adobe Coldfusion 2016/2018 ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. | 9.8 |