Lucene search
K

180 matches found

CNVD
CNVD
added 2020/10/11 12:0 a.m.2 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Memory Exhaustion Vulnerability

Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS are both products of Cisco Corporation.Cisco Expressway Series is an advanced collaboration gateway for unified communications.Cisco TelePresence Video Communication Server is a video communication server. The Cisco...

7.8CVSS6.8AI score0.01228EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/07/17 12:0 a.m.4 views

The vulnerability of the VPort 461 Series video server arises from the lack of measures to neutralize special elements used in operating system teams, allowing a hacker to execute arbitrary code.

The vulnerability of the VPort 461 Series video server is related to the lack of measures to neutralize special elements used in operating system teams. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS5.9AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/05/29 12:0 a.m.7 views

The vulnerability of the Central Control Server (CCS) and the Video Server of Siemens’ SiNVR 3 solution, related to the unencrypted storage of user credentials, allows a intruder to gain unauthorized access to users’ credentials.

The vulnerability of the Central Control Server CCS and the Video Server of Siemens’ SiNVR 3 solution for video management involves unencrypted storage of user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to users’...

6.5CVSS5.9AI score0.00749EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/05/29 12:0 a.m.7 views

The vulnerability of the Central Control Server (CCS) and the Video Server of Siemens’ SiNVR 3 solution, related to the lack of measures for cleaning input data, allows a intruder to inject malicious code into the web application of the Central Control Server.

The vulnerability of the Central Control Server CCS and the video server of Siemens’ SiNVR 3 solution relates to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to inject malicious code into the web application of the Central Control Server...

6.3CVSS6.6AI score0.0101EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2020/05/16 12:0 a.m.1 views

Weak Password Vulnerability in Network Video Server of Longchamp Cintron

Ltd. is a provider of products and application solutions in the field of network video surveillance in China. A weak password vulnerability exists in the network video server, which can be exploited by an attacker to log in to the backend of the system...

7AI score
Exploits0
NVD
NVD
added 2020/04/01 11:15 p.m.26 views

CVE-2020-8144

The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...

8.4CVSS8.3AI score0.00748EPSS
Exploits0References1
NVD
NVD
added 2020/04/01 11:15 p.m.15 views

CVE-2020-8145

The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...

6.5CVSS6.5AI score0.01121EPSS
Exploits0References1
OSV
OSV
added 2020/04/01 11:15 p.m.13 views

CVE-2020-8144

The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...

8.4CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2020/04/01 11:15 p.m.18 views

CVE-2020-8145

The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...

6.5CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2020/04/01 11:15 p.m.20 views

Design/Logic Flaw

The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...

5.2CVSS8.2AI score0.00748EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/04/01 11:15 p.m.19 views

Design/Logic Flaw

The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...

4CVSS6.4AI score0.01121EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/01 10:20 p.m.17 views

CVE-2020-8145

The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...

7.1AI score0.01121EPSS
Exploits0References1
CVE
CVE
added 2020/04/01 10:20 p.m.51 views

CVE-2020-8145

CVE-2020-8145 affects the UniFi Video Server (Windows) web interface. The vulnerability is in the backup and wizard configuration-restore endpoints, which do not perform sufficient privilege checks. Low-privilege users (PUBLIC_GROUP or CUSTOM_GROUP) can access these endpoints and overwrite the cu...

6.5CVSS6.8AI score0.01121EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/04/01 10:20 p.m.54 views

CVE-2020-8144

The CVE-2020-8144 issue affects UniFi Video Server v3.9.3 and earlier on Windows (x64) where the firmware update mechanism does not validate the download destination, allowing a crafted ..\ sequence to cause the firmware file to be saved outside the intended directory. This path traversal could e...

8.4CVSS8.3AI score0.00748EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/01 10:20 p.m.30 views

CVE-2020-8144

The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...

8.4AI score0.00748EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/12 12:0 a.m.3 views

Siemens SiNVR 3 Insufficient Records Vulnerability

SiNVR 3 is a video management platform.Central Control Server CCS is the central control server and Video Server is the video server. SiNVR 3 has an insufficient security operation logging vulnerability in the XML-based communication protocol implementation, which can be exploited by a remote...

4.3CVSS7AI score0.01054EPSS
Exploits0References1
OSV
OSV
added 2020/03/10 8:15 p.m.3 views

CVE-2019-19299

A vulnerability has been identified in SiNVR/SiVMS Video Server All versions = V5.0.0 = V5.0.2. The streaming service default port 5410/tcp of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device camera passwords. This could allow an unauthenticated remote attacker to read...

7.5CVSS5.7AI score
Exploits0References1
NVD
NVD
added 2020/03/10 8:15 p.m.29 views

CVE-2019-19297

A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The streaming service default port 5410/tcp of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from...

7.5CVSS7.6AI score0.02735EPSS
Exploits0References1
NVD
NVD
added 2020/03/10 8:15 p.m.27 views

CVE-2019-19296

A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The two FTP services default ports 21/tcp and 5411/tcp of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary fil...

8.1CVSS6.7AI score0.01812EPSS
Exploits0References1
NVD
NVD
added 2020/03/10 8:15 p.m.23 views

CVE-2019-19291

A vulnerability has been identified in Control Center Server CCS All versions V1.5.0, SiNVR/SiVMS Video Server All versions V5.0.0. The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server CCS maintain log files that store login credentials in cleartext. In configurations...

6.5CVSS5.9AI score0.00749EPSS
Exploits0References2
Rows per page
Query Builder