Filtered by vendor Avaya
Subscribe
Total
132 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-7000 | 1 Avaya | 1 Aura Conferencing | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | |||||
CVE-2018-15612 | 1 Avaya | 1 Orchestration Designer | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | |||||
CVE-2018-15616 | 1 Avaya | 1 Avaya Aura System Platform | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2. | |||||
CVE-2018-15614 | 1 Avaya | 1 Ip Office | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1. | |||||
CVE-2018-15617 | 1 Avaya | 1 Aura Communication Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. | |||||
CVE-2019-7006 | 1 Avaya | 1 One-x Communicator | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13. | |||||
CVE-2018-15615 | 1 Avaya | 1 Call Management System Supervisor | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | |||||
CVE-2018-15611 | 1 Avaya | 1 Aura Communication Manager | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1. | |||||
CVE-2018-15613 | 1 Avaya | 1 Aura Orchestration Designer | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | |||||
CVE-2018-15610 | 1 Avaya | 1 Ip Office | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. | |||||
CVE-2018-6635 | 1 Avaya | 1 Aura | 2023-12-10 | 6.0 MEDIUM | 7.5 HIGH |
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | |||||
CVE-2017-12969 | 1 Avaya | 1 Ip Office Contact Center | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | |||||
CVE-2017-11309 | 1 Avaya | 1 Ip Office | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | |||||
CVE-2016-2783 | 1 Avaya | 1 Vsp Operating System Software | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames. | |||||
CVE-2011-4112 | 2 Avaya, Linux | 13 9608, 9608 Firmware, 9608g and 10 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface. | |||||
CVE-2011-5096 | 1 Avaya | 1 Aura Application Server 5300 | 2023-12-10 | 10.0 HIGH | N/A |
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet. | |||||
CVE-2012-3811 | 1 Avaya | 1 Ip Office Customer Call Reporter | 2023-12-10 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. | |||||
CVE-2011-4326 | 2 Avaya, Linux | 3 96x1 Ip Deskphone, 96x1 Ip Deskphone Firmware, Linux Kernel | 2023-12-10 | 7.1 HIGH | N/A |
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device. | |||||
CVE-2010-2492 | 3 Avaya, Linux, Vmware | 9 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 6 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. | |||||
CVE-2010-2942 | 6 Avaya, Canonical, Linux and 3 more | 13 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 10 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. |