Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-26 CVE-2021-22705 Unspecified vulnerability in Schneider-Electric Ecostruxure Machine Expert and Vijeo Designer
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert
local
low complexity
schneider-electric
7.8
2021-05-26 CVE-2021-22732 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server.
local
low complexity
schneider-electric
7.8
2021-05-26 CVE-2021-22733 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder.
local
low complexity
schneider-electric
7.8
2021-05-26 CVE-2021-22734 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code.
network
low complexity
schneider-electric
7.2
2021-05-26 CVE-2021-22735 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device.
network
low complexity
schneider-electric
7.2
2021-05-26 CVE-2021-22736 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded.
network
low complexity
schneider-electric
7.5
2021-05-26 CVE-2018-10863 Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL.
network
low complexity
redhat CWE-552
7.5
2021-05-26 CVE-2018-10865 Missing Authorization vulnerability in Redhat Certification 7.0
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.
network
low complexity
redhat CWE-862
7.5
2021-05-26 CVE-2018-10868 XML Entity Expansion vulnerability in Redhat Certification 7.0
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host.
network
low complexity
redhat CWE-776
7.5
2021-05-26 CVE-2018-16494 Exposure of Resource to Wrong Sphere vulnerability in Versa-Networks Versa Operating System 20.2.0/21.1.0
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories.
network
low complexity
versa-networks CWE-668
8.8