Filtered by vendor Polycom
Subscribe
Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10689 | 1 Polycom | 2 Better Together Over Ethernet Connector, Unified Communications Software | 2019-06-27 | 3.3 LOW | 6.5 MEDIUM |
| VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information. | |||||
| CVE-2018-10947 | 1 Polycom | 2 Realpresence Debut, Realpresence Debut Firmware | 2019-06-17 | 2.9 LOW | 3.1 LOW |
| An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted. | |||||
| CVE-2019-10688 | 1 Polycom | 2 Better Together Over Ethernet Connector, Unified Communications Software | 2019-06-17 | 4.6 MEDIUM | 6.8 MEDIUM |
| VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device. | |||||
| CVE-2018-15128 | 1 Polycom | 3 Group Series, Hdx, Pano | 2019-05-14 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. | |||||
| CVE-2018-14935 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | |||||
| CVE-2015-4685 | 1 Polycom | 1 Realpresence Resource Manager | 2018-10-09 | 4.4 MEDIUM | 7.0 HIGH |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration. | |||||
| CVE-2015-4684 | 1 Polycom | 1 Realpresence Resource Manager | 2018-10-09 | 5.5 MEDIUM | 6.5 MEDIUM |
| Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager. | |||||
| CVE-2015-4683 | 1 Polycom | 1 Realpresence Resource Manager | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | |||||
| CVE-2015-4682 | 1 Polycom | 1 Realpresence Resource Manager | 2018-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | |||||
| CVE-2015-4681 | 1 Polycom | 1 Realpresence Resource Manager | 2018-10-09 | 7.2 HIGH | 7.8 HIGH |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | |||||
| CVE-2015-8300 | 1 Polycom | 1 Btoe Connector | 2018-09-26 | 7.2 HIGH | 7.8 HIGH |
| Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2018-12592 | 1 Polycom | 1 Realpresence Web Suite | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view. | |||||
| CVE-2018-7565 | 1 Polycom | 2 Qdx 6000, Qdx 6000 Firmware | 2018-03-26 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on Polycom QDX 6000 devices. | |||||
| CVE-2018-7564 | 1 Polycom | 2 Qdx 6000, Qdx 6000 Firmware | 2018-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS exists on Polycom QDX 6000 devices. | |||||
| CVE-2017-12857 | 1 Polycom | 4 Realpresence Trio, Soundstation Ip, Unified Communications Software and 1 more | 2017-09-13 | 4.0 MEDIUM | 8.8 HIGH |
| Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. | |||||
| CVE-2006-5233 | 1 Polycom | 1 Soundpoint Ip 301 | 2017-07-20 | 7.8 HIGH | N/A |
| Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | |||||
| CVE-2003-0556 | 1 Polycom | 3 Mgc-100, Mgc-25, Mgc-50 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester. | |||||
| CVE-2015-1516 | 1 Polycom | 1 Realpresence Cloudaxis Suite | 2015-09-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4970 | 1 Polycom | 12 Hdx 4002, Hdx 4500, Hdx 6000 and 9 more | 2013-03-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||