VYPR
Vendor

Nch

Products
7
CVEs
31
Across products
32
Status
Private

Products

7

Recent CVEs

31
View all 31 CVEs →
  • CVE-2021-37441HigJul 25, 2021
    risk 0.57cvss 8.8epss 0.01

    NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.

  • CVE-2021-37447HigJul 25, 2021
    risk 0.53cvss 8.1epss 0.02

    In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.

  • CVE-2021-37443HigJul 25, 2021
    risk 0.53cvss 8.1epss 0.01

    NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.

  • CVE-2021-37445MedJul 25, 2021
    risk 0.42cvss 6.5epss 0.01

    In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.

  • CVE-2021-37442MedJul 25, 2021
    risk 0.42cvss 6.5epss 0.01

    NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.

  • CVE-2021-37440MedJul 25, 2021
    risk 0.42cvss 6.5epss 0.01

    NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.

  • CVE-2021-37469MedJul 25, 2021
    risk 0.42cvss 6.5epss 0.01

    In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.

  • CVE-2021-37452MedJul 25, 2021
    risk 0.36cvss 5.5epss 0.00

    NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.

  • CVE-2021-37449MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).

  • CVE-2021-37448MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).

  • CVE-2021-37470MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.

  • CVE-2021-37467MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).

  • CVE-2021-37466MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).

  • CVE-2021-37465MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).

  • CVE-2021-37464MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).

  • CVE-2021-37463MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).

  • CVE-2021-37462MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).

  • CVE-2021-37461MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).

  • CVE-2021-37460MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).

  • CVE-2021-37459MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).