Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-13 | CVE-2021-34398 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nvidia Data Center GPU Manager NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service. | 7.8 |
| 2021-07-16 | CVE-2021-21804 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12 A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 9.8 |
| 2021-07-15 | CVE-2021-34692 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. | 7.8 |
| 2021-07-09 | CVE-2021-30121 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Kaseya VSA Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118 | 6.5 |
| 2021-06-24 | CVE-2021-29777 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031. | 6.5 |
| 2021-06-17 | CVE-2020-25414 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Monstra 3.0.4 A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. | 9.8 |
| 2021-06-17 | CVE-2021-3603 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). | 8.1 |
| 2021-06-04 | CVE-2021-30507 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 8.8 |
| 2021-06-01 | CVE-2020-4561 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. | 10.0 |
| 2021-04-13 | CVE-2021-29427 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. | 7.2 |