VYPR

Polopoly

by Polopoly

CVEs (17)

  • CVE-2022-26482Jul 17, 2022
    risk 0.02cvss epss 0.22

    An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.

  • CVE-2018-17875Dec 28, 2021
    risk 0.01cvss epss 0.03

    A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.

  • CVE-2025-43491Sep 9, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted.

  • CVE-2025-43489Jul 22, 2025
    risk 0.00cvss epss 0.00

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.

  • CVE-2025-43486Jul 22, 2025
    risk 0.00cvss epss 0.00

    A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update.

  • CVE-2024-6147Jun 20, 2024
    risk 0.00cvss epss 0.00

    Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the…

  • CVE-2023-4467Dec 29, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The…

  • CVE-2023-4466Dec 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be…

  • CVE-2023-4465Dec 29, 2023
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101,…

  • CVE-2023-4464Dec 29, 2023
    risk 0.00cvss epss 0.03

    A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101,…

  • CVE-2023-4463Dec 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated…

  • CVE-2023-4462Dec 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150,…

  • CVE-2023-24282Mar 8, 2023
    risk 0.00cvss epss 0.01

    An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.

  • CVE-2022-26479Jul 17, 2022
    risk 0.00cvss epss 0.02

    An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.

  • CVE-2021-41322Oct 4, 2021
    risk 0.00cvss epss 0.02

    Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.

  • CVE-2021-37145Sep 7, 2021
    risk 0.00cvss epss 0.02

    A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported…

  • CVE-2005-4481Dec 22, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom…