8 matches found
CVE-2022-46902
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...
CVE-2022-46899
CVE-2022-46899 affects Vocera Report Server and Voice Server 5.x up to 5.8. The issue is Arbitrary File Upload: the BaseController used by service controllers accepts multipart/form-data POST requests and will write any parameter with a filename entry to the Vocera upload-staging directory using ...
CVE-2022-46901
CVE-2022-46901 affects Vocera Report Server and Voice Server 5.x through 5.8. The issue is an Access Control Violation for database operations via the Vocera Report Consoleβs websocket interface, which permits unauthenticated execution of tasks and database functions, including system tasks and a...
CVE-2022-46898
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...
CVE-2022-46899
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...
CVE-2022-46902
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...
CVE-2022-46898
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...
CVE-2008-1114
CVE-2008-1114 affects Vocera Communications wireless handsets when using PEAP; the client fails to validate the server certificate, enabling a remote wireless access point to perform MITM attacks and potentially capture hashed passwords. Root cause: lack of server-certificate validation in PEAP a...