Filtered by vendor Avaya
Subscribe
Total
131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7033 | 1 Avaya | 1 Equinox Conferencing | 2020-11-29 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10. | |||||
| CVE-2020-7029 | 1 Avaya | 2 Aura Communication Manager, Aura Messaging | 2020-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1. | |||||
| CVE-2020-7030 | 1 Avaya | 1 Ip Office | 2020-06-09 | 2.1 LOW | 5.5 MEDIUM |
| A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3. | |||||
| CVE-2019-7007 | 1 Avaya | 1 Aura Conferencing | 2020-03-06 | 5.0 MEDIUM | 8.6 HIGH |
| A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. | |||||
| CVE-2016-5285 | 5 Avaya, Debian, Mozilla and 2 more | 32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more | 2020-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | |||||
| CVE-2019-7001 | 1 Avaya | 1 Ip Office Contact Center | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated. | |||||
| CVE-2018-15617 | 1 Avaya | 1 Aura Communication Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. | |||||
| CVE-2018-15616 | 1 Avaya | 1 Avaya Aura System Platform | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2. | |||||
| CVE-2018-15615 | 1 Avaya | 1 Call Management System Supervisor | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | |||||
| CVE-2018-15614 | 1 Avaya | 1 Ip Office | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1. | |||||
| CVE-2018-15613 | 1 Avaya | 1 Aura Orchestration Designer | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | |||||
| CVE-2018-15612 | 1 Avaya | 1 Orchestration Designer | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | |||||
| CVE-2018-15611 | 1 Avaya | 1 Aura Communication Manager | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1. | |||||
| CVE-2018-15610 | 1 Avaya | 1 Ip Office | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. | |||||
| CVE-2018-6635 | 1 Avaya | 1 Aura | 2019-10-03 | 6.0 MEDIUM | 7.5 HIGH |
| System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | |||||
| CVE-2004-0212 | 2 Avaya, Microsoft | 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more | 2019-04-30 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. | |||||
| CVE-2007-2374 | 2 Avaya, Microsoft | 7 Definity One Media Server, Media Server, S3400 and 4 more | 2019-04-30 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. | |||||
| CVE-2004-0201 | 2 Avaya, Microsoft | 11 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 8 more | 2019-04-30 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. | |||||
| CVE-2004-1307 | 10 Apple, Avaya, Conectiva and 7 more | 19 Mac Os X, Mac Os X Server, Call Management System Server and 16 more | 2018-10-30 | 7.5 HIGH | N/A |
| Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. | |||||
| CVE-2008-5882 | 2 Avaya, Citrix | 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more | 2018-10-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. | |||||