Filtered by vendor Extremenetworks
Subscribe
Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16152 | 1 Extremenetworks | 1 Aerohive Netconfig | 2021-11-18 | 10.0 HIGH | 9.8 CRITICAL |
| The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. | |||||
| CVE-2018-5787 | 1 Extremenetworks | 1 Extremewireless Wing | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets. | |||||
| CVE-2020-16847 | 1 Extremenetworks | 1 Extreme Management Center | 2020-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. | |||||
| CVE-2020-13819 | 1 Extremenetworks | 1 Extreme Management Center | 2020-08-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | |||||
| CVE-2020-13820 | 1 Extremenetworks | 1 Extreme Management Center | 2020-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | |||||
| CVE-2017-14328 | 1 Extremenetworks | 1 Extremexos | 2019-10-17 | 7.8 HIGH | 7.5 HIGH |
| Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot. | |||||
| CVE-2017-14332 | 1 Extremenetworks | 1 Extremexos | 2019-10-02 | 6.8 MEDIUM | 8.1 HIGH |
| Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values. | |||||
| CVE-2017-14329 | 1 Extremenetworks | 1 Extremexos | 2019-10-02 | 7.2 HIGH | 6.7 MEDIUM |
| Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. | |||||
| CVE-2017-14330 | 1 Extremenetworks | 1 Extremexos | 2019-10-02 | 7.2 HIGH | 6.7 MEDIUM |
| Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. | |||||
| CVE-2017-14331 | 1 Extremenetworks | 1 Extremexos | 2019-10-02 | 7.2 HIGH | 6.7 MEDIUM |
| Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell. | |||||
| CVE-2018-5797 | 1 Extremenetworks | 1 Extremewireless Wing | 2019-10-02 | 3.3 LOW | 7.5 HIGH |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. | |||||
| CVE-2005-1670 | 1 Extremenetworks | 3 Blackdiamond 10808, Blackdiamond 8800, Extremeware Xos | 2018-09-26 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2017-14327 | 1 Extremenetworks | 1 Extremexos | 2017-11-08 | 4.9 MEDIUM | 4.4 MEDIUM |
| Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files. | |||||
| CVE-2013-7309 | 1 Extremenetworks | 1 Exos | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||