VYPR
Vendor

Symmetricom

Products
2
CVEs
11
Across products
11
Status
Private

Products

2

Recent CVEs

11
  • CVE-2014-5071CriJan 8, 2018
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.

  • CVE-2014-5070HigJan 11, 2018
    risk 0.57cvss 8.8epss 0.02

    Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.

  • CVE-2020-9034HigFeb 17, 2020
    risk 0.49cvss 7.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.

  • CVE-2014-5068HigJan 11, 2018
    risk 0.49cvss 7.5epss 0.03

    Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.

  • CVE-2020-9033MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.

  • CVE-2020-9032MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.

  • CVE-2020-9031MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.

  • CVE-2020-9030MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.

  • CVE-2020-9029MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.

  • CVE-2020-9028MedFeb 17, 2020
    risk 0.40cvss 6.1epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).

  • CVE-2014-5069MedJan 8, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs.