VYPR
Vendor

Avaya

Avaya LLC, formerly Avaya Inc., is an American multinational technology company headquartered in Morristown, New Jersey, that provides cloud communications and workstream collaboration services. The company's platform includes unified communications and contact center services. In 2019, the company provided services to 220,000 customer locations in 190 countries.

Founded 2000
Products
143
CVEs
156
Across products
241
Status
Private

Products

143
View all 143 products →

Recent CVEs

156
View all 156 CVEs →
  • CVE-2017-11309CriNov 10, 2017
    risk 0.66cvss 9.6epss 0.09

    Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

  • CVE-2016-2783CriJan 23, 2017
    risk 0.64cvss 9.8epss 0.04

    Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.

  • CVE-2017-12969HigNov 10, 2017
    risk 0.61cvss 8.8epss 0.10

    Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.

  • CVE-2010-2943HigSep 30, 2010
    risk 0.57cvss 8.1epss 0.17

    The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were…

  • CVE-2018-15613HigSep 21, 2018
    risk 0.54cvss 8.3epss 0.01

    A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

  • CVE-2018-15612HigSep 21, 2018
    risk 0.54cvss 8.3epss 0.00

    A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

  • CVE-2010-2798HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.00

    The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly…

  • CVE-2010-2492HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

  • CVE-2009-0115HigMar 30, 2009
    risk 0.51cvss 7.8epss 0.00

    The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka…

  • CVE-2008-2812HigJul 9, 2008
    risk 0.51cvss 7.8epss 0.00

    The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2)…

  • CVE-2004-0079HigNov 23, 2004
    risk 0.50cvss 7.5epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2018-6635HigFeb 5, 2018
    risk 0.49cvss 7.5epss 0.01

    System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.

  • CVE-2018-15610HigSep 12, 2018
    risk 0.48cvss 7.3epss 0.02

    A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

  • CVE-2018-15615HigSep 24, 2018
    risk 0.47cvss 7.2epss 0.00

    A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

  • CVE-2009-3939HigNov 16, 2009
    risk 0.46cvss 7.1epss 0.00

    The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

  • CVE-2018-15611MedSep 27, 2018
    risk 0.41cvss 6.3epss 0.00

    A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.

  • CVE-2010-2942MedSep 21, 2010
    risk 0.36cvss 5.5epss 0.00

    The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory…

  • CVE-2006-1058MedApr 4, 2006
    risk 0.36cvss 5.5epss 0.00

    BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

  • CVE-2001-1494MedDec 31, 2001
    risk 0.36cvss 5.5epss 0.00

    script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

  • CVE-2011-4112MedMay 17, 2012
    risk 0.29cvss 5.5epss 0.00

    The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen…