Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-26 | CVE-2021-22705 | Unspecified vulnerability in Schneider-Electric Ecostruxure Machine Expert and Vijeo Designer Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert | 7.8 |
2021-05-26 | CVE-2021-22732 | Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server. | 7.8 |
2021-05-26 | CVE-2021-22733 | Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. | 7.8 |
2021-05-26 | CVE-2021-22734 | Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code. | 7.2 |
2021-05-26 | CVE-2021-22735 | Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device. | 7.2 |
2021-05-26 | CVE-2021-22736 | Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded. | 7.5 |
2021-05-26 | CVE-2018-10863 | Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0 It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. | 7.5 |
2021-05-26 | CVE-2018-10865 | Missing Authorization vulnerability in Redhat Certification 7.0 It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him. | 7.5 |
2021-05-26 | CVE-2018-10868 | XML Entity Expansion vulnerability in Redhat Certification 7.0 redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host. | 7.5 |
2021-05-26 | CVE-2018-16494 | Exposure of Resource to Wrong Sphere vulnerability in Versa-Networks Versa Operating System 20.2.0/21.1.0 In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. | 8.8 |