Filtered by vendor Polycom
Subscriptions
Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4683 | 1 Polycom | 1 Realpresence Resource Manager | 2024-08-06 | N/A |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | ||||
| CVE-2015-1516 | 1 Polycom | 1 Realpresence Cloudaxis Suite | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-12857 | 1 Polycom | 4 Realpresence Trio, Soundstation Ip, Unified Communications Software and 1 more | 2024-08-05 | N/A |
| Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. | ||||
| CVE-2018-18568 | 1 Polycom | 5 Unified Communications Software, Vvx 500, Vvx 500 Firmware and 2 more | 2024-08-05 | 5.9 Medium |
| Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | ||||
| CVE-2018-18566 | 1 Polycom | 5 Unified Communications Software, Vvx 500, Vvx 500 Firmware and 2 more | 2024-08-05 | 5.3 Medium |
| The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. | ||||
| CVE-2018-15128 | 1 Polycom | 3 Group Series, Hdx, Pano | 2024-08-05 | N/A |
| An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. | ||||
| CVE-2018-14935 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2024-08-05 | N/A |
| The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | ||||
| CVE-2018-14934 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2024-08-05 | N/A |
| The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. | ||||
| CVE-2018-12592 | 1 Polycom | 1 Realpresence Web Suite | 2024-08-05 | N/A |
| Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view. | ||||
| CVE-2018-10947 | 1 Polycom | 2 Realpresence Debut, Realpresence Debut Firmware | 2024-08-05 | N/A |
| An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted. | ||||
| CVE-2018-10946 | 1 Polycom | 2 Realpresence Debut, Realpresence Debut Firmware | 2024-08-05 | N/A |
| An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI. | ||||
| CVE-2018-7564 | 1 Polycom | 2 Qdx 6000, Qdx 6000 Firmware | 2024-08-05 | N/A |
| Stored XSS exists on Polycom QDX 6000 devices. | ||||
| CVE-2018-7565 | 1 Polycom | 2 Qdx 6000, Qdx 6000 Firmware | 2024-08-05 | N/A |
| CSRF exists on Polycom QDX 6000 devices. | ||||
| CVE-2019-14259 | 1 Polycom | 2 Obihai Obi1022, Obihai Obi1022 Firmware | 2024-08-05 | N/A |
| On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | ||||
| CVE-2019-12948 | 1 Polycom | 54 C12, C16, C8 and 51 more | 2024-08-04 | N/A |
| A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code. | ||||
| CVE-2019-11355 | 1 Polycom | 1 Hdx System Software | 2024-08-04 | 7.2 High |
| An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root. | ||||
| CVE-2019-10688 | 1 Polycom | 2 Better Together Over Ethernet Connector, Unified Communications Software | 2024-08-04 | N/A |
| VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device. | ||||
| CVE-2019-10689 | 1 Polycom | 2 Better Together Over Ethernet Connector, Unified Communications Software | 2024-08-04 | N/A |
| VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information. | ||||
| CVE-2021-41322 | 1 Polycom | 4 Vvx 400, Vvx 400 Firmware, Vvx 410 and 1 more | 2024-08-04 | 8.8 High |
| Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. | ||||