Vendor CVEs
Avaya
All CVEs
156 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15614 | 0.00 | — | 0.01 | Jan 23, 2019 | A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0… | |||
| CVE-2018-15329 | 0.00 | — | 0.01 | Dec 20, 2018 | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed… | |||
| CVE-2018-15328 | 0.00 | — | 0.02 | Dec 12, 2018 | On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are… | |||
| CVE-2018-10587 | 0.00 | — | 0.03 | Nov 1, 2018 | NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution. | |||
| CVE-2018-15322 | 0.00 | — | 0.01 | Oct 31, 2018 | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with… | |||
| CVE-2018-15616 | 0.00 | — | 0.03 | Oct 17, 2018 | A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0… | |||
| CVE-2011-5096 | 0.00 | — | 0.04 | Jul 3, 2012 | Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted… | |||
| CVE-2011-4326 | 0.00 | — | 0.03 | May 17, 2012 | The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge… | |||
| CVE-2011-3008 | 0.00 | — | 0.02 | Aug 5, 2011 | The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative… | |||
| CVE-2011-1229 | 0.00 | — | 0.01 | Apr 13, 2011 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers… | |||
| CVE-2008-6711 | 0.00 | — | 0.02 | Apr 10, 2009 | Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs." | |||
| CVE-2008-6710 | 0.00 | — | 0.02 | Apr 10, 2009 | Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or… | |||
| CVE-2008-6709 | 0.00 | — | 0.02 | Apr 10, 2009 | Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local… | |||
| CVE-2008-6708 | 0.00 | — | 0.02 | Apr 10, 2009 | Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration… | |||
| CVE-2008-6707 | 0.00 | — | 0.01 | Apr 10, 2009 | The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted… | |||
| CVE-2008-6706 | 0.00 | — | 0.02 | Apr 10, 2009 | Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration… | |||
| CVE-2008-6575 | 0.00 | — | 0.01 | Apr 1, 2009 | Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors. | |||
| CVE-2008-6574 | 0.00 | — | 0.01 | Apr 1, 2009 | Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials. | |||
| CVE-2008-6573 | 0.00 | — | 0.01 | Apr 1, 2009 | Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager… | |||
| CVE-2008-6141 | 0.00 | — | 0.02 | Feb 14, 2009 | Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data. | |||
| CVE-2008-6140 | 0.00 | — | 0.01 | Feb 14, 2009 | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | |||
| CVE-2008-5882 | 0.00 | — | 0.01 | Jan 9, 2009 | SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. | |||
| CVE-2008-5710 | 0.00 | — | 0.01 | Dec 24, 2008 | Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors. | |||
| CVE-2008-5709 | 0.00 | — | 0.03 | Dec 24, 2008 | Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static… | |||
| CVE-2008-3777 | 0.00 | — | 0.00 | Aug 25, 2008 | The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to… | |||
| CVE-2008-3778 | 0.00 | — | 0.01 | Aug 25, 2008 | The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause… | |||
| CVE-2008-3081 | 0.00 | — | 0.03 | Jul 9, 2008 | Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute… | |||
| CVE-2007-5830 | 0.00 | — | 0.02 | Nov 5, 2007 | Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." | |||
| CVE-2007-5556 | 0.00 | — | 0.01 | Oct 18, 2007 | Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known… | |||
| CVE-2007-3286 | 0.00 | — | 0.02 | Sep 19, 2007 | Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2007-3318 | 0.00 | — | 0.02 | Jun 21, 2007 | Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message. | |||
| CVE-2007-3319 | 0.00 | — | 0.02 | Jun 21, 2007 | The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or… | |||
| CVE-2007-3321 | 0.00 | — | 0.01 | Jun 21, 2007 | The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp). | |||
| CVE-2007-3317 | 0.00 | — | 0.02 | Jun 21, 2007 | The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message. | |||
| CVE-2007-3322 | 0.00 | — | 0.01 | Jun 21, 2007 | The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port. | |||
| CVE-2007-3320 | 0.00 | — | 0.01 | Jun 21, 2007 | The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact. | |||
| CVE-2007-1490 | 0.00 | — | 0.01 | Mar 16, 2007 | Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). | |||
| CVE-2007-1491 | 0.00 | — | 0.00 | Mar 16, 2007 | Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. | |||
| CVE-2007-1367 | 0.00 | — | 0.01 | Mar 9, 2007 | Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. | |||
| CVE-2006-0718 | 0.00 | — | 0.02 | Feb 15, 2006 | The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.… | |||
| CVE-2005-2762 | 0.00 | — | 0.00 | Dec 31, 2005 | Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials. | |||
| CVE-2005-4471 | 0.00 | — | 0.02 | Dec 22, 2005 | POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets. | |||
| CVE-2005-3253 | 0.00 | — | 0.02 | Dec 16, 2005 | Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows… | |||
| CVE-2005-3989 | 0.00 | — | 0.02 | Dec 4, 2005 | Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. | |||
| CVE-2005-0003 | 0.00 | — | 0.01 | Apr 14, 2005 | The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF… | |||
| CVE-2004-0494 | 0.00 | — | 0.02 | Nov 23, 2004 | Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. | |||
| CVE-2004-0800 | 0.00 | — | 0.00 | Aug 24, 2004 | Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value. | |||
| CVE-2004-0205 | 0.00 | — | 0.24 | Aug 6, 2004 | Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. | |||
| CVE-2004-0495 | 0.00 | — | 0.00 | Aug 6, 2004 | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. | |||
| CVE-2002-1229 | 0.00 | — | 0.03 | Oct 28, 2002 | Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges. |
- CVE-2018-15614Jan 23, 2019risk 0.00cvss —epss 0.01
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0…
- CVE-2018-15329Dec 20, 2018risk 0.00cvss —epss 0.01
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed…
- CVE-2018-15328Dec 12, 2018risk 0.00cvss —epss 0.02
On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are…
- CVE-2018-10587Nov 1, 2018risk 0.00cvss —epss 0.03
NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution.
- CVE-2018-15322Oct 31, 2018risk 0.00cvss —epss 0.01
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with…
- CVE-2018-15616Oct 17, 2018risk 0.00cvss —epss 0.03
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0…
- CVE-2011-5096Jul 3, 2012risk 0.00cvss —epss 0.04
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted…
- CVE-2011-4326May 17, 2012risk 0.00cvss —epss 0.03
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge…
- CVE-2011-3008Aug 5, 2011risk 0.00cvss —epss 0.02
The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative…
- CVE-2011-1229Apr 13, 2011risk 0.00cvss —epss 0.01
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers…
- CVE-2008-6711Apr 10, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
- CVE-2008-6710Apr 10, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or…
- CVE-2008-6709Apr 10, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local…
- CVE-2008-6708Apr 10, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration…
- CVE-2008-6707Apr 10, 2009risk 0.00cvss —epss 0.01
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted…
- CVE-2008-6706Apr 10, 2009risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration…
- CVE-2008-6575Apr 1, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
- CVE-2008-6574Apr 1, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
- CVE-2008-6573Apr 1, 2009risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager…
- CVE-2008-6141Feb 14, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data.
- CVE-2008-6140Feb 14, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
- CVE-2008-5882Jan 9, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
- CVE-2008-5710Dec 24, 2008risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
- CVE-2008-5709Dec 24, 2008risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static…
- CVE-2008-3777Aug 25, 2008risk 0.00cvss —epss 0.00
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to…
- CVE-2008-3778Aug 25, 2008risk 0.00cvss —epss 0.01
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause…
- CVE-2008-3081Jul 9, 2008risk 0.00cvss —epss 0.03
Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute…
- CVE-2007-5830Nov 5, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
- CVE-2007-5556Oct 18, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known…
- CVE-2007-3286Sep 19, 2007risk 0.00cvss —epss 0.02
Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2007-3318Jun 21, 2007risk 0.00cvss —epss 0.02
Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message.
- CVE-2007-3319Jun 21, 2007risk 0.00cvss —epss 0.02
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or…
- CVE-2007-3321Jun 21, 2007risk 0.00cvss —epss 0.01
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).
- CVE-2007-3317Jun 21, 2007risk 0.00cvss —epss 0.02
The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message.
- CVE-2007-3322Jun 21, 2007risk 0.00cvss —epss 0.01
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port.
- CVE-2007-3320Jun 21, 2007risk 0.00cvss —epss 0.01
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact.
- CVE-2007-1490Mar 16, 2007risk 0.00cvss —epss 0.01
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
- CVE-2007-1491Mar 16, 2007risk 0.00cvss —epss 0.00
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
- CVE-2007-1367Mar 9, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.
- CVE-2006-0718Feb 15, 2006risk 0.00cvss —epss 0.02
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.…
- CVE-2005-2762Dec 31, 2005risk 0.00cvss —epss 0.00
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
- CVE-2005-4471Dec 22, 2005risk 0.00cvss —epss 0.02
POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
- CVE-2005-3253Dec 16, 2005risk 0.00cvss —epss 0.02
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows…
- CVE-2005-3989Dec 4, 2005risk 0.00cvss —epss 0.02
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets.
- CVE-2005-0003Apr 14, 2005risk 0.00cvss —epss 0.01
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF…
- CVE-2004-0494Nov 23, 2004risk 0.00cvss —epss 0.02
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.
- CVE-2004-0800Aug 24, 2004risk 0.00cvss —epss 0.00
Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.
- CVE-2004-0205Aug 6, 2004risk 0.00cvss —epss 0.24
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
- CVE-2004-0495Aug 6, 2004risk 0.00cvss —epss 0.00
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
- CVE-2002-1229Oct 28, 2002risk 0.00cvss —epss 0.03
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
Page 3 of 4