Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fonality Subscribe
Filtered by product Fonality
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2362 1 Fonality 1 Fonality 2016-06-21 10.0 HIGH 9.8 CRITICAL
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.
CVE-2016-2363 1 Fonality 1 Fonality 2016-06-21 7.2 HIGH 7.8 HIGH
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.
CVE-2016-2364 1 Fonality 2 Fonality, Hud Web 2016-06-21 5.0 MEDIUM 7.5 HIGH
The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.