Vulnerabilities (CVE)

Filtered by vendor Digitus Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27105 1 Digitus 1 Inmailx 2024-11-01 N/A 5.4 MEDIUM
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.
CVE-2020-15063 1 Digitus 2 Da-70254, Da-70254 Firmware 2024-02-04 8.3 HIGH 8.8 HIGH
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15065 1 Digitus 2 Da-70254, Da-70254 Firmware 2024-02-04 6.1 MEDIUM 6.5 MEDIUM
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15064 1 Digitus 2 Da-70254, Da-70254 Firmware 2024-02-04 2.3 LOW 4.3 MEDIUM
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15062 1 Digitus 2 Da-70254, Da-70254 Firmware 2024-02-04 3.3 LOW 8.8 HIGH
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.