Filtered by vendor Digi
Subscribe
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12878 | 1 Digi | 2 Connectport X2e, Connectport X2e Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | |||||
| CVE-2020-10136 | 4 Cisco, Digi, Hp and 1 more | 63 Nexus 1000v, Nexus 1000ve, Nexus 3016 and 60 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. | |||||
| CVE-2019-18859 | 1 Digi | 2 Anywhereusb\/14, Anywhereusb\/14 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | |||||
| CVE-2018-20162 | 1 Digi | 2 Transport Lr54, Transport Lr54 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. | |||||
| CVE-2017-18868 | 1 Digi | 2 Xbee 2, Xbee 2 Firmware | 2024-11-21 | 5.5 MEDIUM | 7.7 HIGH |
| Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. | |||||