Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9034 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. | |||||
CVE-2020-9033 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. | |||||
CVE-2020-9032 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. | |||||
CVE-2020-9031 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. | |||||
CVE-2020-9030 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. | |||||
CVE-2020-9029 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. | |||||
CVE-2020-9028 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user). |