Vulnerabilities in Secomea

46 results
CVE-2020-14510 | CRITICAL | OFF-BY-ONE ERROR CWE-193 | EPSS 2.5%
CVE-2020-14508 | HIGH | OFF-BY-ONE ERROR CWE-193 | EPSS 2.0%
CVE-2020-29020 | CRITICAL | Reject Remote Management via Cellular UPLINK2 | EPSS 1.7%
CVE-2020-29026 | CRITICAL | A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with adminis | EPSS 1.5%
CVE-2021-32008 | CRITICAL | Logged-in Administrator may get unrestricted file system access | EPSS 1.0%
CVE-2022-25785 | MEDIUM | Buffer overrun | EPSS 0.9%
CVE-2020-14512 | HIGH | USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916 | EPSS 0.8%
CVE-2020-29022 | MEDIUM | Host Header Injection allowing web cache poisoning attacks | EPSS 0.8%
CVE-2020-29029 | HIGH | XSS issue due to insufficient sanitization of input field | EPSS 0.8%
CVE-2020-29031 | HIGH | Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation | EPSS 0.7%
CVE-2022-38123 | HIGH | Insufficient validation of plugin files | EPSS 0.7%
CVE-2022-25786 | MEDIUM | GateManager debug interface is included in production builds | EPSS 0.7%
CVE-2020-29028 | MEDIUM | Reflected XSS issues | EPSS 0.7%
CVE-2020-29021 | LOW | Scripting tag chars < > not filtered in input fields could cause Cross-Site Scripting (XSS) | EPSS 0.6%
CVE-2021-32004 | LOW | GateManager does not enforce strict hostname matching for WEB server | EPSS 0.6%
CVE-2021-32006 | MEDIUM | GateManager information leak for LinkManager Users | EPSS 0.6%
CVE-2020-29025 | MEDIUM | DOM-based Javascript injection | EPSS 0.6%
CVE-2022-25783 | MEDIUM | Hacking attempts from logged-in users are not properly logged by GM | EPSS 0.6%
CVE-2022-25780 | MEDIUM | Information leak via device availability query function | EPSS 0.6%
CVE-2022-25784 | CRITICAL | User controllable HTML element attribute (potential XSS) | EPSS 0.6%