Filtered by vendor Digi
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12878 | 1 Digi | 2 Connectport X2e, Connectport X2e Firmware | 2024-11-21 | 7.8 High |
| Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | ||||
| CVE-2020-10136 | 4 Cisco, Digi, Hp and 1 more | 63 Nexus 1000v, Nexus 1000ve, Nexus 3016 and 60 more | 2024-11-21 | 5.3 Medium |
| IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. | ||||
| CVE-2019-18859 | 1 Digi | 2 Anywhereusb\/14, Anywhereusb\/14 Firmware | 2024-11-21 | 6.1 Medium |
| Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | ||||
| CVE-2018-20162 | 1 Digi | 2 Transport Lr54, Transport Lr54 Firmware | 2024-11-21 | N/A |
| Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. | ||||
| CVE-2017-18868 | 1 Digi | 2 Xbee 2, Xbee 2 Firmware | 2024-11-21 | 7.7 High |
| Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. | ||||