Aggregates CVE and security vulnerability intelligence across all Tonec-related products, including CVSS scores, EPSS scores, and publication dates.
Common weakness patterns include memory corruption and buffer overflow, with potential impacts including memory corruption and application crash across software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-56231 | Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections. | [email protected] | 9.1 | 0.02% | 2025-11-05 | 2026-01-07 |
| CVE-2020-28964 | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors. | [email protected] | 6.7 | 0.05% | 2021-10-22 | 2024-11-21 |
| CVE-2020-23060 | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. | [email protected] | 7.1 | 0.13% | 2021-10-22 | 2024-11-21 |
| CVE-2010-0995 | Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server. | [email protected] | 9.3 | 8.52% | 2010-05-06 | 2026-04-29 |