Filtered by vendor Microchip Subscriptions
Filtered by product Syncserver S100 Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-9034 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 7.5 High
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.
CVE-2020-9033 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.
CVE-2020-9032 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
CVE-2020-9031 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.
CVE-2020-9030 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
CVE-2020-9029 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
CVE-2020-9028 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.1 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).