Ui

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-12590 1Ui 1Edgeswitch Firmware Nov 21, 2024 Jun 20, 2018 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater...Show more Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.Show less
CVE-2017-0935 1Ui 1Edgeos Nov 21, 2024 Mar 22, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker w...Show more Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.Show less
CVE-2016-6914 1Ui 1Unifi Video May 13, 2026 Dec 27, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
CVE-2014-2226 1Ui 1Unifi Controller May 6, 2026 Jul 29, 2014 N/A· v4 N/A· v3 2.6 LOW· v2 Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2014-2227 1Ui 1Unifi Video May 6, 2026 Jul 25, 2014 N/A· v4 N/A· v3 6.0 MEDIUM· v2 The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attacke...Show more The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.Show less
CVE-2013-3572 1Ui 1Unifi Controller Apr 29, 2026 Dec 31, 2013 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted clien...Show more Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.Show less
CVE-2013-1606 1Ui 4Aircam Aircam DomeAircam Mini+1 more Apr 29, 2026 Jul 18, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.

Previous 1 2 3 45