Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-22757 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22758 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22759 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22760 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22761 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22762 | Path Traversal vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22766 | Unspecified vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet | 7.5 |
| 2021-06-11 | CVE-2021-22901 | Use After Free vulnerability in multiple products curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. | 8.1 |
| 2021-06-11 | CVE-2021-22902 | Unspecified vulnerability in Rubyonrails Rails The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. | 7.5 |
| 2021-06-11 | CVE-2021-22904 | Unspecified vulnerability in Rubyonrails Rails The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. | 7.5 |