Vulnerabilities (CVE)

Vendor: Polycom

24 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18566 1 Polycom 3 Uc Software, Vvx 500 Firmware, Vvx 601 Firmware 2018-12-06 5.0
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
CVE-2018-18568 1 Polycom 3 Uc Software, Vvx 500 Firmware, Vvx 601 Firmware 2018-12-06 4.3
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
CVE-2015-4685 1 Polycom 1 Realpresence Resource Manager 2018-10-09 4.4
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
CVE-2015-4684 1 Polycom 1 Realpresence Resource Manager 2018-10-09 5.5
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or...
CVE-2015-4683 1 Polycom 1 Realpresence Resource Manager 2018-10-09 7.5
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
CVE-2015-4682 1 Polycom 1 Realpresence Resource Manager 2018-10-09 4.0
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
CVE-2015-4681 1 Polycom 1 Realpresence Resource Manager 2018-10-09 7.2
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
CVE-2015-8300 1 Polycom 1 Btoe Connector 2018-09-26 7.2
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.
CVE-2018-7565 1 Polycom 1 Qdx 6000 Firmware 2018-03-26 6.8
CSRF exists on Polycom QDX 6000 devices.
CVE-2018-7564 1 Polycom 1 Qdx 6000 Firmware 2018-03-26 4.3
Stored XSS exists on Polycom QDX 6000 devices.
CVE-2017-12857 1 Polycom 1 Unified Communications Software 2017-09-13 4.0
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an...
CVE-2006-5233 1 Polycom 1 Soundpoint Ip 301 2017-07-20 7.8
Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus...
CVE-2002-0628 1 Polycom 8 Viewstation Sp 384, Viewstation Mp, Viewstation Fx Vs4000 and 5 more 2017-07-11 5.0
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
CVE-2003-0556 1 Polycom 3 Mgc-50, Mgc-100, Mgc-25 2016-10-18 5.0
Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.
CVE-2015-1516 1 Polycom 1 Realpresence Cloudaxis Suite 2015-09-04 3.5
Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4970 1 Polycom 1 Hdx System Software 2013-03-26 4.3
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML...
CVE-2007-3368 1 Polycom 1 Soundpoint Ip 650 2012-10-31 7.8
Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.
CVE-2007-3369 1 Polycom 1 Soundpoint Ip 601 2011-03-08 7.8
Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header.
CVE-2002-1906 1 Polycom 1 Viavideo 2008-09-05 5.0
The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
CVE-2002-1905 1 Polycom 1 Viavideo 2008-09-05 5.0
Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.