Filtered by vendor Polycom
Subscribe
Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4685 | 1 Polycom | 1 Realpresence Resource Manager | 2023-12-10 | 4.4 MEDIUM | 7.0 HIGH |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration. | |||||
| CVE-2015-4682 | 1 Polycom | 1 Realpresence Resource Manager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | |||||
| CVE-2015-4684 | 1 Polycom | 1 Realpresence Resource Manager | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager. | |||||
| CVE-2017-12857 | 1 Polycom | 4 Realpresence Trio, Soundstation Ip, Unified Communications Software and 1 more | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. | |||||
| CVE-2015-4683 | 1 Polycom | 1 Realpresence Resource Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | |||||
| CVE-2015-8300 | 1 Polycom | 1 Btoe Connector | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2015-4681 | 1 Polycom | 1 Realpresence Resource Manager | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | |||||
| CVE-2015-1516 | 1 Polycom | 1 Realpresence Cloudaxis Suite | 2023-12-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4970 | 1 Polycom | 12 Hdx 4002, Hdx 4500, Hdx 6000 and 9 more | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-5233 | 1 Polycom | 1 Soundpoint Ip 301 | 2023-12-10 | 7.8 HIGH | N/A |
| Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | |||||
| CVE-2007-3368 | 1 Polycom | 1 Soundpoint Ip 650 | 2023-12-10 | 7.8 HIGH | N/A |
| Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter. | |||||
| CVE-2007-3369 | 1 Polycom | 1 Soundpoint Ip 601 | 2023-12-10 | 7.8 HIGH | N/A |
| Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header. | |||||
| CVE-2003-0556 | 1 Polycom | 3 Mgc-100, Mgc-25, Mgc-50 | 2023-12-10 | 5.0 MEDIUM | N/A |
| Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester. | |||||
| CVE-2002-0627 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2023-12-10 | 7.5 HIGH | N/A |
| The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. | |||||
| CVE-2002-1906 | 1 Polycom | 1 Viavideo | 2023-12-10 | 5.0 MEDIUM | N/A |
| The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open. | |||||
| CVE-2002-0629 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server. | |||||
| CVE-2002-0626 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
| Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. | |||||
| CVE-2002-1905 | 1 Polycom | 1 Viavideo | 2023-12-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-0630 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. | |||||