Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network...
8.8CVSS
8.7AI Score
0.001EPSS
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch...
6.5CVSS
6.2AI Score
0.001EPSS
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this...
6.5CVSS
6.4AI Score
0.002EPSS
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an...
4.3CVSS
4.7AI Score
0.001EPSS
A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the...
6.5CVSS
6.7AI Score
0.001EPSS
Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input...
7.5CVSS
7.5AI Score
0.002EPSS
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available...
6.5CVSS
6.3AI Score
0.001EPSS
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the...
7.1CVSS
6.8AI Score
0.0004EPSS
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other...
3.5CVSS
3.7AI Score
0.0004EPSS
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and...
4.3CVSS
4.1AI Score
0.001EPSS
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is...
6.3CVSS
6.1AI Score
0.001EPSS
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail...
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The...
7.2CVSS
7AI Score
0.003EPSS
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for....
8CVSS
8.2AI Score
0.005EPSS
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates...
7.2CVSS
7.2AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need...
4.9CVSS
4.9AI Score
0.002EPSS
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery...
Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to.....
8.2CVSS
8.2AI Score
0.002EPSS
SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs,...
8.8CVSS
8.5AI Score
0.002EPSS
STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka...
9.8CVSS
9.5AI Score
0.01EPSS
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation...
6.1CVSS
5.9AI Score
0.002EPSS
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. The vulnerability exists because replies from the web-based management interface include...
5.3CVSS
5.1AI Score
0.001EPSS
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and...
5.3CVSS
5.2AI Score
0.001EPSS
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is...
9.8CVSS
9.4AI Score
0.778EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during...
9.8CVSS
9.7AI Score
0.002EPSS
5.4CVSS
5.5AI Score
0.001EPSS
5.4CVSS
5.5AI Score
0.001EPSS
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin...
4.8CVSS
4.8AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the...
7.2CVSS
7.3AI Score
0.002EPSS
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The...
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit...
4.4CVSS
4.5AI Score
0.0004EPSS
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient...
8.8CVSS
8.9AI Score
0.002EPSS
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the.....
6.7CVSS
6.7AI Score
0.0004EPSS
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability...
4.4CVSS
4.6AI Score
0.0004EPSS
Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...
4.4CVSS
4.9AI Score
0.0004EPSS
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
6.7CVSS
6.8AI Score
0.0004EPSS
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an...
6.7CVSS
6.6AI Score
0.0004EPSS
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this...
7.8CVSS
7.5AI Score
0.0004EPSS
6.1CVSS
6AI Score
0.001EPSS
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in...
6.1CVSS
5.9AI Score
0.002EPSS
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail...
4.8CVSS
4.8AI Score
0.001EPSS
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch...
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication...
5.3CVSS
5.4AI Score
0.001EPSS
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by...
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP...
9.8CVSS
9.4AI Score
0.004EPSS