Every CVE whose affected-product data names Ui Unifi Video, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2019-5430 — CVSS 8.8 (high): In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server…
CVE-2020-8144 — CVSS 8.4 (high): The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances…
CVE-2020-24755 — CVSS 7.8 (high): In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the…
CVE-2016-6914 — CVSS 7.8 (high): Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM…
CVE-2020-8146 — CVSS 7.8 (high): In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL…
CVE-2020-8145 — CVSS 6.5 (medium): The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not…
CVE-2014-2227 — CVSS 6.0 (medium): The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller)…