VYPR

Aura System Platform

by Avaya

CVEs (12)

  • CVE-2010-2943HigSep 30, 2010
    risk 0.57cvss 8.1epss 0.17

    The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were…

  • CVE-2010-2798HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.00

    The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly…

  • CVE-2010-2492HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

  • CVE-2009-3939HigNov 16, 2009
    risk 0.46cvss 7.1epss 0.00

    The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

  • CVE-2010-2942MedSep 21, 2010
    risk 0.36cvss 5.5epss 0.00

    The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory…

  • CVE-2022-0835Apr 11, 2022
    risk 0.00cvss epss 0.00

    AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.

  • CVE-2021-33008Apr 4, 2022
    risk 0.00cvss epss 0.01

    AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.

  • CVE-2021-32981Apr 4, 2022
    risk 0.00cvss epss 0.01

    AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within…

  • CVE-2021-32985Apr 4, 2022
    risk 0.00cvss epss 0.00

    AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid.

  • CVE-2021-33010Apr 4, 2022
    risk 0.00cvss epss 0.01

    An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.

  • CVE-2021-32977Apr 4, 2022
    risk 0.00cvss epss 0.01

    AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data.

  • CVE-2018-15616Oct 17, 2018
    risk 0.00cvss epss 0.03

    A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0…