MidnightBSD

Advisories for avaya

CVE-2001-1259 MEDIUM

Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya argent_office *
CVE-2001-1260 HIGH

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya argent_office *
CVE-2001-1261 MEDIUM

Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya argent_office 2.1
CVE-2001-1262 HIGH

Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya argent_office 2.1
CVE-2001-1494 LOW

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
avaya cvlan *
avaya intuity_lx *
kernel util-linux *
avaya integrated_management_suit *
avaya messaging_storage_server *
avaya interactive_response *
avaya message_networking *
CVE-2002-0175 MEDIUM

libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya libsafe 2.0.2
avaya libsafe 2.0.11
avaya libsafe 2.0.5
avaya libsafe 2.0.10
avaya libsafe 1.3.8
avaya libsafe 2.0.9
avaya libsafe 1.3.4
CVE-2002-0176 MEDIUM

The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya libsafe 2.0.2
avaya libsafe 2.0.11
avaya libsafe 2.0.5
avaya libsafe 2.0.10
avaya libsafe 1.3.8
avaya libsafe 2.0.9
avaya libsafe 1.3.4
CVE-2002-1229 HIGH

Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya cajun_p880 5.2.14
avaya cajun_p550r 5.2.14
avaya cajun_p580 5.2.14
avaya cajun_p550 4.3.5
avaya cajun_p882 5.2.14
CVE-2002-1448 HIGH

An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya cajun_m770-atm *
avaya cajun_p130 *
avaya cajun_p330 *
CVE-2003-1359 HIGH

Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
avaya predictive_dialer_system 11
hp hp-ux 10.26
hp hp-ux 10.34
hp hp-ux 10.16
hp hp-ux 11.00
hp hp-ux 11.04
hp hp-ux 10.00
hp hp-ux 10.10
hp hp-ux 10.01
hp hp-ux 11.11
hp hp-ux 10.09
hp hp-ux 10.30
avaya predictive_dialer_system 9.0
hp hp-ux 11.22
hp hp-ux 11.20
hp hp-ux 11.0.4
avaya predictive_dialer_system 12
hp hp-ux 10.20
hp hp-ux 10.24
hp hp-ux 10.08
CVE-2004-0079 MEDIUM

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
openssl openssl 0.9.6e
cisco webns 7.10
freebsd freebsd 4.8
lite speed_technologies_litespeed_web_server 1.0.3
stonesoft stonegate_vpn_client 1.7
lite speed_technologies_litespeed_web_server 1.2.1
hp apache-based_web_server 2.0.43.04
avaya vsu 7500_r2.0.1
avaya vsu 5
novell imanager 1.5
cisco pix_firewall_software 6.3(3.102)
securecomputing sidewinder 5.2.0.01
avaya intuity_audix *
checkpoint firewall-1 2.0
cisco pix_firewall_software 6.0
stonesoft stonebeat_fullcluster 3.0
stonesoft stonebeat_webcluster 2.0
stonesoft stonegate 2.2.4
stonesoft stonegate_vpn_client 2.0.8
securecomputing sidewinder 5.2.1.02
cisco pix_firewall_software 6.2(3)
lite speed_technologies_litespeed_web_server 1.3_rc1
openssl openssl 0.9.6g
openbsd openbsd 3.4
hp wbem a.02.00.01
cisco pix_firewall_software 6.3(3.109)
hp hp-ux 8.05
avaya s8300 r2.0.0
avaya intuity_audix s3400
neoteris instant_virtual_extranet 3.3.1
4d webstar 5.2.3
cisco webns 7.2_0.0.03
vmware gsx_server 3.0_build_7592
stonesoft stonegate 1.6.3
cisco ios 12.1(11b)e14
openssl openssl 0.9.6k
dell bsafe_ssl-j 3.0
vmware gsx_server 2.5.1_build_5336
cisco ios 12.1(13)e9
cisco pix_firewall_software 6.2
cisco pix_firewall_software 6.2(3.100)
stonesoft stonegate 2.0.7
hp hp-ux 11.11
lite speed_technologies_litespeed_web_server 1.2_rc2
cisco pix_firewall_software 6.3
novell edirectory 8.0
checkpoint firewall-1 *
avaya s8700 r2.0.0
bluecoat cacheos_ca_sa 4.1.10
dell bsafe_ssl-j 3.1
securecomputing sidewinder 5.2.1
checkpoint vpn-1 next_generation_fp1
avaya sg203 4.4
stonesoft stonegate 2.0.6
redhat linux 7.3
stonesoft stonegate 1.7.2
openssl openssl 0.9.7a
cisco ios 12.2za
checkpoint firewall-1 next_generation_fp0
cisco pix_firewall_software 6.1(4)
hp hp-ux 11.23
cisco content_services_switch_11500 *
stonesoft stonebeat_securitycluster 2.0
vmware gsx_server 2.0.1_build_2129
avaya sg5 4.3
checkpoint vpn-1 next_generation_fp0
apple mac_os_x_server 10.3.3
cisco pix_firewall_software 6.1(1)
stonesoft servercluster 2.5
bluecoat proxysg *
novell edirectory 8.7.1
apple mac_os_x 10.3.3
cisco pix_firewall 6.2.2_.111
avaya intuity_audix 5.1.46
novell edirectory 8.5.27
stonesoft stonegate_vpn_client 1.7.2
cisco access_registrar *
avaya s8500 r2.0.0
novell edirectory 8.7
neoteris instant_virtual_extranet 3.1
redhat linux 8.0
openssl openssl 0.9.7
cisco pix_firewall_software 6.0(2)
lite speed_technologies_litespeed_web_server 1.3
redhat openssl 0.9.7a-2
novell edirectory 8.6.2
tarantella tarantella_enterprise 3.40
checkpoint firewall-1 next_generation_fp2
stonesoft stonegate 1.7.1
freebsd freebsd 4.9
avaya intuity_audix s3210
avaya s8500 r2.0.1
cisco webns 6.10_b4
dell bsafe_ssl-j 3.0.1
freebsd freebsd 5.2
openssl openssl 0.9.6f
freebsd freebsd 5.1
stonesoft stonegate 1.5.18
hp apache-based_web_server 2.0.43.00
lite speed_technologies_litespeed_web_server 1.1
cisco gss_4480_global_site_selector *
openssl openssl 0.9.6d
avaya vsu 500
redhat enterprise_linux_desktop 3.0
hp wbem a.02.00.00
cisco call_manager *
stonesoft stonegate_vpn_client 2.0.9
cisco ios 12.2(14)sy1
cisco css_secure_content_accelerator 2.0
cisco pix_firewall_software 6.2(2)
avaya sg200 4.4
vmware gsx_server 2.0
avaya sg208 4.4
freebsd freebsd 5.2.1
stonesoft stonegate 2.0.4
4d webstar 5.2.4
sgi propack 2.3
lite speed_technologies_litespeed_web_server 1.2.2
cisco secure_content_accelerator 10000
openssl openssl 0.9.6h
avaya converged_communications_server 2.0
lite speed_technologies_litespeed_web_server 1.0.2
cisco pix_firewall_software 6.0(4.101)
lite speed_technologies_litespeed_web_server 1.1.1
securecomputing sidewinder 5.2
stonesoft stonegate 2.0.5
checkpoint provider-1 4.1
checkpoint firewall-1 next_generation_fp1
redhat linux 7.2
tarantella tarantella_enterprise 3.30
securecomputing sidewinder 5.2.0.02
tarantella tarantella_enterprise 3.20
stonesoft stonegate_vpn_client 2.0
openssl openssl 0.9.6j
stonesoft stonegate 2.2
cisco firewall_services_module 1.1_(3.005)
redhat openssl 0.9.6-15
stonesoft stonegate_vpn_client 2.0.7
cisco ios 12.1(11)e
avaya s8300 r2.0.1
4d webstar 5.2.2
avaya vsu 5000_r2.0.1
stonesoft stonegate 2.0.9
hp wbem a.01.05.08
4d webstar 5.3.1
novell edirectory 8.5
avaya sg203 4.31.29
lite speed_technologies_litespeed_web_server 1.3.1
hp aaa_server *
cisco gss_4490_global_site_selector *
cisco ios 12.1(11b)e12
cisco pix_firewall_software 6.0(4)
cisco css11000_content_services_switch *
cisco pix_firewall_software 6.2(1)
cisco pix_firewall_software 6.1
4d webstar 5.2.1
stonesoft stonegate 1.5.17
4d webstar 5.2
4d webstar 5.3
stonesoft stonebeat_webcluster 2.5
stonesoft stonebeat_fullcluster 2.0
symantec clientless_vpn_gateway_4400 5.0
cisco okena_stormwatch 3.2
openssl openssl 0.9.7c
avaya sg5 4.2
cisco firewall_services_module 2.1_(0.208)
cisco application_and_content_networking_software *
cisco webns 7.10_.0.06s
cisco pix_firewall_software 6.3(1)
4d webstar 4.0
avaya vsu 10000_r2.0.1
cisco webns 6.10
cisco pix_firewall_software 6.0(1)
openssl openssl 0.9.6i
avaya sg5 4.4
redhat enterprise_linux 3.0
stonesoft stonegate 1.6.2
lite speed_technologies_litespeed_web_server 1.3_rc2
securecomputing sidewinder 5.2.0.04
neoteris instant_virtual_extranet 3.3
sgi propack 3.0
novell edirectory 8.5.12a
checkpoint vpn-1 next_generation_fp2
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco threat_response *
avaya sg208 *
neoteris instant_virtual_extranet 3.0
cisco ios 12.1(19)e1
cisco pix_firewall_software 6.3(2)
stonesoft stonebeat_fullcluster 1_3.0
sco openserver 5.0.6
openssl openssl 0.9.6c
cisco pix_firewall_software 6.1(5)
cisco ios 12.2(14)sy
stonesoft stonegate 2.0.8
lite speed_technologies_litespeed_web_server 1.2_rc1
cisco pix_firewall_software 6.1(2)
bluecoat cacheos_ca_sa 4.1.12
openssl openssl 0.9.7b
lite speed_technologies_litespeed_web_server 1.0.1
cisco pix_firewall_software 6.1(3)
avaya sg200 4.31.29
cisco firewall_services_module *
avaya vsu 2000_r2.0.1
redhat openssl 0.9.6b-3
lite speed_technologies_litespeed_web_server 1.3_rc3
avaya vsu 100_r2.0.1
stonesoft stonegate 2.2.1
sgi propack 2.4
securecomputing sidewinder 5.2.0.03
cisco ios 12.2sy
cisco ciscoworks_common_management_foundation 2.1
stonesoft stonegate 1.7
cisco webns 7.1_0.2.06
cisco ciscoworks_common_services 2.2
sco openserver 5.0.7
avaya vsu 5x
cisco css_secure_content_accelerator 1.0
neoteris instant_virtual_extranet 3.2
cisco firewall_services_module 1.1.2
avaya s8700 r2.0.1
stonesoft stonebeat_securitycluster 2.5
stonesoft stonebeat_fullcluster 2.5
cisco mds_9000 *
cisco webns 7.1_0.1.02
stonesoft stonebeat_fullcluster 1_2.0
stonesoft stonegate 2.0.1
vmware gsx_server 2.5.1
hp hp-ux 11.00
sun crypto_accelerator_4000 1.0
openbsd openbsd 3.3
novell imanager 2.0
cisco firewall_services_module 1.1.3
cisco ios 12.1(11b)e
stonesoft stonegate 2.1
stonesoft servercluster 2.5.2
cisco pix_firewall_software 6.0(3)
CVE-2004-0081 MEDIUM

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openssl openssl 0.9.6e
cisco webns 7.10
freebsd freebsd 4.8
lite speed_technologies_litespeed_web_server 1.0.3
stonesoft stonegate_vpn_client 1.7
lite speed_technologies_litespeed_web_server 1.2.1
hp apache-based_web_server 2.0.43.04
avaya vsu 7500_r2.0.1
avaya vsu 5
novell imanager 1.5
cisco pix_firewall_software 6.3(3.102)
securecomputing sidewinder 5.2.0.01
avaya intuity_audix *
checkpoint firewall-1 2.0
cisco pix_firewall_software 6.0
stonesoft stonebeat_fullcluster 3.0
stonesoft stonebeat_webcluster 2.0
stonesoft stonegate 2.2.4
stonesoft stonegate_vpn_client 2.0.8
securecomputing sidewinder 5.2.1.02
cisco pix_firewall_software 6.2(3)
lite speed_technologies_litespeed_web_server 1.3_rc1
openssl openssl 0.9.6g
openbsd openbsd 3.4
hp wbem a.02.00.01
cisco pix_firewall_software 6.3(3.109)
hp hp-ux 8.05
avaya s8300 r2.0.0
avaya intuity_audix s3400
neoteris instant_virtual_extranet 3.3.1
4d webstar 5.2.3
cisco webns 7.2_0.0.03
vmware gsx_server 3.0_build_7592
stonesoft stonegate 1.6.3
cisco ios 12.1(11b)e14
openssl openssl 0.9.6k
dell bsafe_ssl-j 3.0
vmware gsx_server 2.5.1_build_5336
cisco ios 12.1(13)e9
cisco pix_firewall_software 6.2
cisco pix_firewall_software 6.2(3.100)
stonesoft stonegate 2.0.7
hp hp-ux 11.11
lite speed_technologies_litespeed_web_server 1.2_rc2
cisco pix_firewall_software 6.3
novell edirectory 8.0
checkpoint firewall-1 *
avaya s8700 r2.0.0
bluecoat cacheos_ca_sa 4.1.10
dell bsafe_ssl-j 3.1
securecomputing sidewinder 5.2.1
checkpoint vpn-1 next_generation_fp1
avaya sg203 4.4
stonesoft stonegate 2.0.6
redhat linux 7.3
stonesoft stonegate 1.7.2
openssl openssl 0.9.7a
cisco ios 12.2za
checkpoint firewall-1 next_generation_fp0
checkpoint vpn-1 next_generation
cisco pix_firewall_software 6.1(4)
hp hp-ux 11.23
cisco content_services_switch_11500 *
stonesoft stonebeat_securitycluster 2.0
vmware gsx_server 2.0.1_build_2129
avaya sg5 4.3
checkpoint vpn-1 next_generation_fp0
apple mac_os_x_server 10.3.3
cisco pix_firewall_software 6.1(1)
stonesoft servercluster 2.5
bluecoat proxysg *
novell edirectory 8.7.1
apple mac_os_x 10.3.3
cisco pix_firewall 6.2.2_.111
avaya intuity_audix 5.1.46
novell edirectory 8.5.27
stonesoft stonegate_vpn_client 1.7.2
cisco access_registrar *
avaya s8500 r2.0.0
novell edirectory 8.7
neoteris instant_virtual_extranet 3.1
redhat linux 8.0
openssl openssl 0.9.7
cisco pix_firewall_software 6.0(2)
lite speed_technologies_litespeed_web_server 1.3
redhat openssl 0.9.7a-2
novell edirectory 8.6.2
tarantella tarantella_enterprise 3.40
checkpoint firewall-1 next_generation_fp2
stonesoft stonegate 1.7.1
freebsd freebsd 4.9
avaya intuity_audix s3210
avaya s8500 r2.0.1
cisco webns 6.10_b4
dell bsafe_ssl-j 3.0.1
freebsd freebsd 5.2
openssl openssl 0.9.6f
freebsd freebsd 5.1
stonesoft stonegate 1.5.18
hp apache-based_web_server 2.0.43.00
lite speed_technologies_litespeed_web_server 1.1
cisco gss_4480_global_site_selector *
openssl openssl 0.9.6d
avaya vsu 500
redhat enterprise_linux_desktop 3.0
hp wbem a.02.00.00
cisco call_manager *
stonesoft stonegate_vpn_client 2.0.9
cisco ios 12.2(14)sy1
cisco css_secure_content_accelerator 2.0
cisco pix_firewall_software 6.2(2)
avaya sg200 4.4
vmware gsx_server 2.0
avaya sg208 4.4
freebsd freebsd 5.2.1
stonesoft stonegate 2.0.4
4d webstar 5.2.4
sgi propack 2.3
lite speed_technologies_litespeed_web_server 1.2.2
cisco secure_content_accelerator 10000
openssl openssl 0.9.6h
avaya converged_communications_server 2.0
lite speed_technologies_litespeed_web_server 1.0.2
cisco pix_firewall_software 6.0(4.101)
lite speed_technologies_litespeed_web_server 1.1.1
securecomputing sidewinder 5.2
stonesoft stonegate 2.0.5
checkpoint provider-1 4.1
checkpoint firewall-1 next_generation_fp1
redhat linux 7.2
tarantella tarantella_enterprise 3.30
securecomputing sidewinder 5.2.0.02
tarantella tarantella_enterprise 3.20
stonesoft stonegate_vpn_client 2.0
openssl openssl 0.9.6j
stonesoft stonegate 2.2
cisco firewall_services_module 1.1_(3.005)
redhat openssl 0.9.6-15
stonesoft stonegate_vpn_client 2.0.7
cisco ios 12.1(11)e
avaya s8300 r2.0.1
4d webstar 5.2.2
avaya vsu 5000_r2.0.1
stonesoft stonegate 2.0.9
hp wbem a.01.05.08
4d webstar 5.3.1
novell edirectory 8.5
avaya sg203 4.31.29
lite speed_technologies_litespeed_web_server 1.3.1
hp aaa_server *
cisco gss_4490_global_site_selector *
cisco ios 12.1(11b)e12
cisco pix_firewall_software 6.0(4)
cisco css11000_content_services_switch *
cisco pix_firewall_software 6.2(1)
cisco pix_firewall_software 6.1
4d webstar 5.2.1
stonesoft stonegate 1.5.17
4d webstar 5.2
4d webstar 5.3
stonesoft stonebeat_webcluster 2.5
stonesoft stonebeat_fullcluster 2.0
symantec clientless_vpn_gateway_4400 5.0
cisco okena_stormwatch 3.2
openssl openssl 0.9.7c
avaya sg5 4.2
cisco firewall_services_module 2.1_(0.208)
cisco application_and_content_networking_software *
cisco webns 7.10_.0.06s
cisco pix_firewall_software 6.3(1)
4d webstar 4.0
avaya vsu 10000_r2.0.1
cisco webns 6.10
cisco pix_firewall_software 6.0(1)
openssl openssl 0.9.6i
avaya sg5 4.4
redhat enterprise_linux 3.0
stonesoft stonegate 1.6.2
lite speed_technologies_litespeed_web_server 1.3_rc2
securecomputing sidewinder 5.2.0.04
neoteris instant_virtual_extranet 3.3
sgi propack 3.0
novell edirectory 8.5.12a
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco threat_response *
avaya sg208 *
neoteris instant_virtual_extranet 3.0
cisco ios 12.1(19)e1
cisco pix_firewall_software 6.3(2)
stonesoft stonebeat_fullcluster 1_3.0
sco openserver 5.0.6
openssl openssl 0.9.6c
cisco pix_firewall_software 6.1(5)
cisco ios 12.2(14)sy
stonesoft stonegate 2.0.8
lite speed_technologies_litespeed_web_server 1.2_rc1
cisco pix_firewall_software 6.1(2)
bluecoat cacheos_ca_sa 4.1.12
openssl openssl 0.9.7b
lite speed_technologies_litespeed_web_server 1.0.1
cisco pix_firewall_software 6.1(3)
avaya sg200 4.31.29
cisco firewall_services_module *
avaya vsu 2000_r2.0.1
redhat openssl 0.9.6b-3
lite speed_technologies_litespeed_web_server 1.3_rc3
avaya vsu 100_r2.0.1
stonesoft stonegate 2.2.1
sgi propack 2.4
securecomputing sidewinder 5.2.0.03
cisco ios 12.2sy
cisco ciscoworks_common_management_foundation 2.1
stonesoft stonegate 1.7
cisco webns 7.1_0.2.06
cisco ciscoworks_common_services 2.2
sco openserver 5.0.7
avaya vsu 5x
cisco css_secure_content_accelerator 1.0
neoteris instant_virtual_extranet 3.2
cisco firewall_services_module 1.1.2
avaya s8700 r2.0.1
stonesoft stonebeat_securitycluster 2.5
stonesoft stonebeat_fullcluster 2.5
cisco mds_9000 *
cisco webns 7.1_0.1.02
stonesoft stonebeat_fullcluster 1_2.0
stonesoft stonegate 2.0.1
vmware gsx_server 2.5.1
hp hp-ux 11.00
sun crypto_accelerator_4000 1.0
openbsd openbsd 3.3
novell imanager 2.0
cisco firewall_services_module 1.1.3
cisco ios 12.1(11b)e
stonesoft stonegate 2.1
stonesoft servercluster 2.5.2
cisco pix_firewall_software 6.0(3)
CVE-2004-0112 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
openssl openssl 0.9.6e
cisco webns 7.10
freebsd freebsd 4.8
forcepoint stonegate 2.0.5
forcepoint stonegate 2.1
hp apache-based_web_server 2.0.43.04
avaya vsu 7500_r2.0.1
forcepoint stonegate 2.0.8
avaya vsu 5
novell imanager 1.5
cisco pix_firewall_software 6.3(3.102)
securecomputing sidewinder 5.2.0.01
avaya intuity_audix *
checkpoint firewall-1 2.0
cisco pix_firewall_software 6.0
stonesoft stonebeat_fullcluster 3.0
stonesoft stonebeat_webcluster 2.0
securecomputing sidewinder 5.2.1.02
cisco pix_firewall_software 6.2(3)
openssl openssl 0.9.6g
openbsd openbsd 3.4
hp wbem a.02.00.01
cisco pix_firewall_software 6.3(3.109)
hp hp-ux 8.05
avaya s8300 r2.0.0
avaya intuity_audix s3400
neoteris instant_virtual_extranet 3.3.1
4d webstar 5.2.3
cisco webns 7.2_0.0.03
vmware gsx_server 3.0_build_7592
cisco ios 12.1(11b)e14
openssl openssl 0.9.6k
dell bsafe_ssl-j 3.0
vmware gsx_server 2.5.1_build_5336
cisco ios 12.1(13)e9
cisco pix_firewall_software 6.2
cisco pix_firewall_software 6.2(3.100)
forcepoint stonegate 2.0.9
forcepoint stonegate 2.2.1
hp hp-ux 11.11
cisco pix_firewall_software 6.3
novell edirectory 8.0
checkpoint firewall-1 *
forcepoint stonegate 1.5.17
avaya s8700 r2.0.0
bluecoat cacheos_ca_sa 4.1.10
dell bsafe_ssl-j 3.1
forcepoint stonegate 2.0.1
securecomputing sidewinder 5.2.1
checkpoint vpn-1 next_generation_fp1
avaya sg203 4.4
redhat linux 7.3
openssl openssl 0.9.7a
cisco ios 12.2za
checkpoint firewall-1 next_generation_fp0
litespeedtech litespeed_web_server 1.0.1
cisco pix_firewall_software 6.1(4)
hp hp-ux 11.23
cisco content_services_switch_11500 *
stonesoft stonebeat_securitycluster 2.0
vmware gsx_server 2.0.1_build_2129
avaya sg5 4.3
checkpoint vpn-1 next_generation_fp0
apple mac_os_x_server 10.3.3
cisco pix_firewall_software 6.1(1)
stonesoft servercluster 2.5
bluecoat proxysg *
novell edirectory 8.7.1
apple mac_os_x 10.3.3
cisco pix_firewall 6.2.2_.111
avaya intuity_audix 5.1.46
novell edirectory 8.5.27
cisco access_registrar *
avaya s8500 r2.0.0
novell edirectory 8.7
neoteris instant_virtual_extranet 3.1
redhat linux 8.0
openssl openssl 0.9.7
cisco pix_firewall_software 6.0(2)
redhat openssl 0.9.7a-2
novell edirectory 8.6.2
forcepoint stonegate 1.7
tarantella tarantella_enterprise 3.40
checkpoint firewall-1 next_generation_fp2
freebsd freebsd 4.9
avaya intuity_audix s3210
avaya s8500 r2.0.1
cisco webns 6.10_b4
dell bsafe_ssl-j 3.0.1
freebsd freebsd 5.2
openssl openssl 0.9.6f
freebsd freebsd 5.1
hp apache-based_web_server 2.0.43.00
cisco gss_4480_global_site_selector *
openssl openssl 0.9.6d
avaya vsu 500
redhat enterprise_linux_desktop 3.0
hp wbem a.02.00.00
cisco call_manager *
cisco ios 12.2(14)sy1
cisco css_secure_content_accelerator 2.0
cisco pix_firewall_software 6.2(2)
avaya sg200 4.4
vmware gsx_server 2.0
avaya sg208 4.4
freebsd freebsd 5.2.1
4d webstar 5.2.4
sgi propack 2.3
cisco secure_content_accelerator 10000
openssl openssl 0.9.6h
avaya converged_communications_server 2.0
cisco pix_firewall_software 6.0(4.101)
securecomputing sidewinder 5.2
forcepoint stonegate 1.6.3
checkpoint provider-1 4.1
checkpoint firewall-1 next_generation_fp1
redhat linux 7.2
tarantella tarantella_enterprise 3.30
securecomputing sidewinder 5.2.0.02
tarantella tarantella_enterprise 3.20
forcepoint stonegate 1.6.2
openssl openssl 0.9.6j
cisco firewall_services_module 1.1_(3.005)
redhat openssl 0.9.6-15
cisco ios 12.1(11)e
forcepoint stonegate 2.0.6
avaya s8300 r2.0.1
4d webstar 5.2.2
avaya vsu 5000_r2.0.1
hp wbem a.01.05.08
4d webstar 5.3.1
novell edirectory 8.5
avaya sg203 4.31.29
hp aaa_server *
cisco gss_4490_global_site_selector *
cisco ios 12.1(11b)e12
cisco pix_firewall_software 6.0(4)
cisco css11000_content_services_switch *
cisco pix_firewall_software 6.2(1)
cisco pix_firewall_software 6.1
4d webstar 5.2.1
4d webstar 5.2
4d webstar 5.3
forcepoint stonegate 2.0.4
stonesoft stonebeat_webcluster 2.5
stonesoft stonebeat_fullcluster 2.0
symantec clientless_vpn_gateway_4400 5.0
cisco okena_stormwatch 3.2
forcepoint stonegate 2.2
openssl openssl 0.9.7c
avaya sg5 4.2
cisco firewall_services_module 2.1_(0.208)
cisco application_and_content_networking_software *
cisco webns 7.10_.0.06s
cisco pix_firewall_software 6.3(1)
4d webstar 4.0
avaya vsu 10000_r2.0.1
cisco webns 6.10
cisco pix_firewall_software 6.0(1)
openssl openssl 0.9.6i
forcepoint stonegate 1.5.18
avaya sg5 4.4
redhat enterprise_linux 3.0
securecomputing sidewinder 5.2.0.04
neoteris instant_virtual_extranet 3.3
sgi propack 3.0
novell edirectory 8.5.12a
forcepoint stonegate 1.7.2
checkpoint vpn-1 next_generation_fp2
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco threat_response *
avaya sg208 *
neoteris instant_virtual_extranet 3.0
cisco ios 12.1(19)e1
cisco pix_firewall_software 6.3(2)
stonesoft stonebeat_fullcluster 1_3.0
forcepoint stonegate 1.7.1
sco openserver 5.0.6
openssl openssl 0.9.6c
cisco pix_firewall_software 6.1(5)
cisco ios 12.2(14)sy
forcepoint stonegate 2.0.7
cisco pix_firewall_software 6.1(2)
bluecoat cacheos_ca_sa 4.1.12
openssl openssl 0.9.7b
cisco pix_firewall_software 6.1(3)
avaya sg200 4.31.29
cisco firewall_services_module *
avaya vsu 2000_r2.0.1
redhat openssl 0.9.6b-3
avaya vsu 100_r2.0.1
sgi propack 2.4
securecomputing sidewinder 5.2.0.03
cisco ios 12.2sy
cisco ciscoworks_common_management_foundation 2.1
cisco webns 7.1_0.2.06
cisco ciscoworks_common_services 2.2
sco openserver 5.0.7
avaya vsu 5x
cisco css_secure_content_accelerator 1.0
neoteris instant_virtual_extranet 3.2
cisco firewall_services_module 1.1.2
avaya s8700 r2.0.1
stonesoft stonebeat_securitycluster 2.5
stonesoft stonebeat_fullcluster 2.5
cisco mds_9000 *
cisco webns 7.1_0.1.02
stonesoft stonebeat_fullcluster 1_2.0
vmware gsx_server 2.5.1
hp hp-ux 11.00
sun crypto_accelerator_4000 1.0
openbsd openbsd 3.3
forcepoint stonegate 2.2.4
novell imanager 2.0
cisco firewall_services_module 1.1.3
cisco ios 12.1(11b)e
stonesoft servercluster 2.5.2
cisco pix_firewall_software 6.0(3)
CVE-2004-0201 HIGH

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft windows_nt 4.0
microsoft windows_me *
microsoft windows_98 *
microsoft windows_2003_server enterprise
microsoft windows_2003_server r2
microsoft windows_2003_server enterprise_64-bit
microsoft windows_2003_server web
microsoft windows_2000 *
microsoft windows_xp *
microsoft windows_2003_server standard
avaya ip600_media_servers *
microsoft windows_98se *
avaya s8100 *
avaya modular_messaging_message_storage_server s3400
avaya definity_one_media_server *
CVE-2004-0205 HIGH

Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya ip600_media_servers *
microsoft internet_information_server 4.0
avaya s8100 *
avaya modular_messaging_message_storage_server s3400
avaya definity_one_media_server *
CVE-2004-0212 HIGH

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft windows_2000 *
microsoft windows_xp *
microsoft windows_nt 4.0
avaya ip600_media_servers *
avaya s8100 *
avaya modular_messaging_message_storage_server s3400
avaya definity_one_media_server *
microsoft ie 6.0
CVE-2004-0215 MEDIUM

Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya ip600_media_servers *
microsoft outlook_express 6.0
avaya s8100 *
avaya modular_messaging_message_storage_server s3400
avaya definity_one_media_server *
CVE-2004-0493 MEDIUM

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm http_server 2.0.42
apache http_server 2.0.49
trustix secure_linux 2.0
apache http_server 2.0.47
avaya converged_communications_server 2.0
ibm http_server 2.0.42.2
ibm http_server 2.0.47
gentoo linux 1.4
ibm http_server 2.0.47.1
avaya s8300 r2.0.0
apache http_server 2.0.48
ibm http_server 2.0.42.1
trustix secure_linux 1.5
avaya s8500 r2.0.0
trustix secure_linux 2.1
avaya s8700 r2.0.0
CVE-2004-0494 HIGH

Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_linux 2.1
avaya cvlan *
redhat enterprise_linux_desktop 3.0
redhat linux_advanced_workstation 2.1
redhat enterprise_linux 3.0
CVE-2004-0495 HIGH

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 9.0
avaya s8300 r2.0.1
linux linux_kernel 2.4.22
avaya converged_communications_server 2.0
avaya s8500 r2.0.1
linux linux_kernel 2.6.1
suse suse_email_server 3.1
suse suse_linux 8.1
redhat enterprise_linux 2.1
suse suse_linux 8
suse suse_linux 9.1
linux linux_kernel 2.4.26
gentoo linux 1.4
suse suse_email_server iii
linux linux_kernel 2.4.19
suse suse_linux 7
suse suse_linux 8.2
avaya intuity_audix *
suse suse_linux 8.0
linux linux_kernel 2.6.2
avaya s8700 r2.0.0
linux linux_kernel 2.6.3
avaya s8700 r2.0.1
suse suse_linux_connectivity_server *
linux linux_kernel 2.6.4
suse suse_linux_database_server *
linux linux_kernel 2.4.24
suse suse_linux_firewall_cd *
suse suse_office_server *
conectiva linux 8.0
linux linux_kernel 2.4.23
suse suse_linux_admin-cd_for_firewall *
linux linux_kernel 2.4.21
linux linux_kernel 2.6.0
linux linux_kernel 2.6.7
avaya s8300 r2.0.0
suse suse_linux_office_server *
linux linux_kernel 2.6.5
avaya modular_messaging_message_storage_server s3400
linux linux_kernel 2.4.18
avaya s8500 r2.0.0
suse suse_linux 9.0
linux linux_kernel 2.6.6
redhat enterprise_linux 3.0
linux linux_kernel 2.4.25
CVE-2004-0554 LOW

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 9.0
avaya s8300 r2.0.1
linux linux_kernel 2.4.22
avaya converged_communications_server 2.0
avaya s8500 r2.0.1
linux linux_kernel 2.6.1
suse suse_email_server 3.1
suse suse_linux 8.1
redhat enterprise_linux 2.1
suse suse_linux 8
suse suse_linux 9.1
linux linux_kernel 2.4.26
gentoo linux 1.4
suse suse_email_server iii
linux linux_kernel 2.4.19
suse suse_linux 7
suse suse_linux 8.2
avaya intuity_audix *
suse suse_linux 8.0
linux linux_kernel 2.6.2
avaya s8700 r2.0.0
linux linux_kernel 2.6.3
avaya s8700 r2.0.1
suse suse_linux_connectivity_server *
linux linux_kernel 2.6.4
suse suse_linux_database_server *
linux linux_kernel 2.4.24
suse suse_linux_firewall_cd *
suse suse_office_server *
conectiva linux 8.0
linux linux_kernel 2.4.23
suse suse_linux_admin-cd_for_firewall *
linux linux_kernel 2.4.21
linux linux_kernel 2.6.0
linux linux_kernel 2.6.7
avaya s8300 r2.0.0
suse suse_linux_office_server *
linux linux_kernel 2.6.5
avaya modular_messaging_message_storage_server s3400
linux linux_kernel 2.4.18
avaya s8500 r2.0.0
suse suse_linux 9.0
linux linux_kernel 2.6.6
redhat enterprise_linux 3.0
linux linux_kernel 2.4.25
CVE-2004-0594 MEDIUM

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,

Products Affected

Vendor Product Version
trustix secure_linux 2.0
php php *
avaya converged_communications_server 2.0
openpkg openpkg 2.0
openpkg openpkg 2.1
hp hp-ux b.11.22
hp hp-ux b.11.00
php php 5.0.0
hp hp-ux b.11.11
hp hp-ux b.11.23
debian debian_linux 3.0
trustix secure_linux 1.5
trustix secure_linux 2.1
CVE-2004-0595 MEDIUM

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php php 4.2.3
php php 4.3.6
avaya s8300 r2.0.1
php php 4.0.7
php php 4.3.0
php php 4.3.3
php php 4.2.2
avaya converged_communications_server 2.0
redhat fedora_core core_2.0
avaya s8500 r2.0.1
php php 4.0.4
php php 4.3.1
php php 4.2.1
php php 4.0.1
trustix secure_linux 1.5
avaya integrated_management *
php php 4.1.0
php php 4.3.7
avaya s8700 r2.0.0
avaya s8700 r2.0.1
php php 4.3.2
trustix secure_linux 2.0
php php 4.0
php php 4.0.3
php php 4.3.5
php php 4.0.6
php php 4.0.5
php php 4.1.1
php php 4.1.2
php php 5.0
redhat fedora_core core_1.0
php php 4.0.2
avaya s8300 r2.0.0
avaya s8500 r2.0.0
trustix secure_linux 2.1
php php 4.2.0
CVE-2004-0800 MEDIUM

Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun dtmail *
sun sunos 5.8
sun solaris 9.0
avaya call_management_system_server 9.0
avaya call_management_system_server 11.0
avaya call_management_system_server 12.0
sun solaris 8.0
CVE-2004-0839 MEDIUM

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya modular_messaging_message_storage_server 2.0
microsoft windows_2003_server enterprise
microsoft windows_2003_server r2
microsoft windows_2000 *
nortel symposium_web_centre_portal *
nortel symposium_web_client *
microsoft internet_explorer 6.0
avaya s8100 *
avaya definity_one_media_server *
microsoft windows_me *
nortel mobile_voice_client_2050 *
avaya modular_messaging_message_storage_server 1.1
avaya s3400 *
microsoft windows_98 *
nortel optivity_telephony_manager *
microsoft ie 6.0
microsoft windows_2003_server enterprise_64-bit
nortel ip_softphone_2050 *
microsoft windows_2003_server web
microsoft windows_xp *
microsoft windows_2003_server standard
microsoft internet_explorer 5.0.1
avaya ip600_media_servers *
microsoft windows_98se *
microsoft internet_explorer 5.5
CVE-2004-0841 MEDIUM

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya modular_messaging_message_storage_server 2.0
microsoft internet_explorer 5.0.1
avaya ip600_media_servers *
microsoft internet_explorer 6.0
avaya modular_messaging_message_storage_server 1.1
avaya s8100 *
avaya s3400 *
avaya definity_one_media_server *
microsoft ie 6.0
microsoft internet_explorer 5.5
CVE-2004-0842 HIGH

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya modular_messaging_message_storage_server 2.0
microsoft internet_explorer 5.0.1
avaya ip600_media_servers *
microsoft internet_explorer 6.0
avaya modular_messaging_message_storage_server 1.1
avaya s8100 *
avaya s3400 *
avaya definity_one_media_server *
microsoft ie 6.0
microsoft internet_explorer 5.5
CVE-2004-1050 HIGH

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya s8100 r9
avaya s8100 r8
avaya s8100 r10
avaya s8100 r7
avaya ip600_media_servers r6
microsoft internet_explorer 6.0
avaya s8100 *
avaya definity_one_media_server *
avaya s8100 r11
avaya s8100 r12
avaya ip600_media_servers r11
avaya ip600_media_servers r9
avaya definity_one_media_server r10
avaya definity_one_media_server r6
avaya s3400 *
avaya definity_one_media_server r7
avaya definity_one_media_server r11
avaya definity_one_media_server r8
avaya definity_one_media_server r12
microsoft ie 6.0
avaya ip600_media_servers *
avaya s8100 r6
avaya ip600_media_servers r12
avaya modular_messaging_message_storage_server s3400
avaya ip600_media_servers r8
avaya definity_one_media_server r9
avaya ip600_media_servers r7
avaya ip600_media_servers r10
CVE-2004-1082 HIGH

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya modular_messaging_message_storage_server 2.0
avaya communication_manager 1.3.1
avaya mn100 *
hp virtualvault 4.5
apache http_server 1.3.7
apache http_server 1.3.19
apache http_server 1.3
ibm http_server 1.3.19
apache http_server 1.3.3
apache http_server 1.3.9
apache http_server 1.3.14
apache http_server 1.3.25
avaya communication_manager 2.0
apache http_server 1.3.12
apache http_server 1.3.28
avaya intuity_audix_lx *
apache http_server 1.3.11
openbsd openbsd 3.5
sco openserver 5.0.7
sun sunos 5.8
sun solaris 9.0
apache http_server 1.3.18
sco openserver 5.0.6
apache http_server 1.3.17
apache http_server 1.3.22
apache http_server 1.3.1
openbsd openbsd current
hp virtualvault 4.7
apache http_server 1.3.20
apache http_server 1.3.6
avaya network_routing *
avaya modular_messaging_message_storage_server 1.1
apache http_server 1.3.23
apache http_server 1.3.4
hp webproxy a.02.10
hp virtualvault 4.6
avaya communication_manager 2.0.1
apache http_server 1.3.26
openbsd openbsd 3.4
apache http_server 1.3.24
avaya communication_manager 1.1
sun solaris 8.0
hp webproxy a.02.00
apache http_server 1.3.29
apache http_server 1.3.27
apple apache_mod_digest_apple *
CVE-2004-1235 MEDIUM

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.1
suse suse_linux 9.2
avaya mn100 *
mandrakesoft mandrake_linux 10.1
suse suse_linux 1.0
mandrakesoft mandrake_linux 10.0
linux linux_kernel 2.4.22
linux linux_kernel 2.4.24_ow1
avaya converged_communications_server 2.0
redhat fedora_core core_2.0
linux linux_kernel 2.6.1
suse suse_linux 8.1
suse suse_linux 8
linux linux_kernel 2.4.26
conectiva linux 10.0
suse suse_linux 8.2
avaya intuity_audix *
redhat enterprise_linux_desktop 4.0
linux linux_kernel 2.4.13
linux linux_kernel 2.4.10
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.4.0
linux linux_kernel 2.6.4
linux linux_kernel 2.4.24
linux linux_kernel 2.4.2
linux linux_kernel 2.4.8
linux linux_kernel 2.4.23_ow2
avaya network_routing *
linux linux_kernel 2.4.11
avaya modular_messaging_message_storage_server 1.1
mandrakesoft mandrake_linux 9.2
linux linux_kernel 2.4.21
linux linux_kernel 2.4.16
linux linux_kernel 2.4.5
linux linux_kernel 2.6.9
linux linux_kernel 2.4.14
linux linux_kernel 2.4.27
avaya s8300 r2.0.0
linux linux_kernel 2.4.18
avaya s8500 r2.0.0
suse suse_linux 9.0
linux linux_kernel 2.4.25
avaya modular_messaging_message_storage_server 2.0
linux linux_kernel 2.4.12
linux linux_kernel 2.6.10
avaya s8300 r2.0.1
linux linux_kernel 2.4.17
avaya s8710 r2.0.1
linux linux_kernel 2.4.29
linux linux_kernel 2.4.28
avaya s8500 r2.0.1
linux linux_kernel 2.4.4
linux linux_kernel 2.4.3
suse suse_linux 9.1
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
linux linux_kernel 2.6.8
avaya s8710 r2.0.0
linux linux_kernel 2.6.2
avaya s8700 r2.0.0
linux linux_kernel 2.4.20
linux linux_kernel 2.6.3
avaya s8700 r2.0.1
mandrakesoft mandrake_linux_corporate_server 3.0
mandrakesoft mandrake_linux_corporate_server 2.1
linux linux_kernel 2.4.23
mandrakesoft mandrake_multi_network_firewall 8.2
redhat linux 9.0
redhat enterprise_linux_desktop 3.0
linux linux_kernel 2.6.0
redhat enterprise_linux 4.0
redhat fedora_core core_1.0
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.4.7
redhat linux 7.3
linux linux_kernel 2.6.7
linux linux_kernel 2.4.6
redhat fedora_core core_3.0
linux linux_kernel 2.6.5
linux linux_kernel 2.4.9
linux linux_kernel 2.6.6
redhat enterprise_linux 3.0
CVE-2004-1307 HIGH

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 9.0
avaya mn100 *
mandrakesoft mandrake_linux 10.1
mandrakesoft mandrake_linux 10.0
avaya call_management_system_server 13.0
sgi propack 3.0
apple mac_os_x_server 10.3.3
apple mac_os_x 10.3.8
sun sunos 5.7
avaya intuity_audix_lx *
libtiff libtiff 3.5.2
sun solaris 9.0
conectiva linux 10.0
libtiff libtiff 3.5.5
avaya integrated_management *
libtiff libtiff 3.5.7
apple mac_os_x_server 10.3.2
apple mac_os_x_server 10.3
apple mac_os_x 10.3.3
avaya modular_messaging_message_storage_server 1.1
sco unixware 7.1.4
libtiff libtiff 3.6.1
gentoo linux *
libtiff libtiff 3.5.4
apple mac_os_x_server 10.3.8
f5 icontrol_service_manager 1.3
apple mac_os_x 10.3.9
avaya interactive_response *
libtiff libtiff 3.7.0
avaya modular_messaging_message_storage_server 2.0
avaya cvlan *
avaya call_management_system_server 9.0
f5 icontrol_service_manager 1.3.6
apple mac_os_x 10.3.2
sun solaris 7.0
f5 icontrol_service_manager 1.3.4
sun sunos 5.8
apple mac_os_x_server 10.3.1
apple mac_os_x 10.3
avaya call_management_system_server 12.0
apple mac_os_x 10.3.7
sun solaris 10.0
mandrakesoft mandrake_linux_corporate_server 3.0
libtiff libtiff 3.4
avaya call_management_system_server 8.0
apple mac_os_x_server 10.3.5
libtiff libtiff 3.5.3
apple mac_os_x 10.3.1
apple mac_os_x 10.3.6
avaya interactive_response 1.2.1
avaya call_management_system_server 11.0
apple mac_os_x 10.3.4
apple mac_os_x_server 10.3.4
libtiff libtiff 3.6.0
libtiff libtiff 3.5.1
apple mac_os_x_server 10.3.9
apple mac_os_x_server 10.3.6
f5 icontrol_service_manager 1.3.5
sun solaris 8.0
avaya interactive_response 1.3
apple mac_os_x_server 10.3.7
apple mac_os_x 10.3.5
CVE-2005-0003 LOW

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.1
avaya mn100 *
mandrakesoft mandrake_linux 10.1
mandrakesoft mandrake_linux 10.0
linux linux_kernel 2.4.22
linux linux_kernel 2.4.24_ow1
avaya converged_communications_server 2.0
linux linux_kernel 2.4.26
avaya intuity_audix *
linux linux_kernel 2.4.13
linux linux_kernel 2.4.10
linux linux_kernel 2.4.0
linux linux_kernel 2.4.24
linux linux_kernel 2.4.2
linux linux_kernel 2.4.8
linux linux_kernel 2.4.23_ow2
avaya network_routing *
linux linux_kernel 2.4.11
avaya modular_messaging_message_storage_server 1.1
mandrakesoft mandrake_linux 9.2
linux linux_kernel 2.4.21
linux linux_kernel 2.4.16
linux linux_kernel 2.4.5
linux linux_kernel 2.4.14
linux linux_kernel 2.4.27
avaya s8300 r2.0.0
linux linux_kernel 2.4.18
avaya s8500 r2.0.0
linux linux_kernel 2.4.25
avaya modular_messaging_message_storage_server 2.0
linux linux_kernel 2.4.12
avaya s8300 r2.0.1
linux linux_kernel 2.4.17
avaya s8710 r2.0.1
linux linux_kernel 2.4.29
linux linux_kernel 2.4.28
avaya s8500 r2.0.1
linux linux_kernel 2.4.4
linux linux_kernel 2.4.3
linux linux_kernel 2.4.15
linux linux_kernel 2.4.19
avaya s8710 r2.0.0
avaya s8700 r2.0.0
linux linux_kernel 2.4.20
avaya s8700 r2.0.1
mandrakesoft mandrake_linux_corporate_server 3.0
mandrakesoft mandrake_linux_corporate_server 2.1
linux linux_kernel 2.4.23
mandrakesoft mandrake_multi_network_firewall 8.2
redhat enterprise_linux_desktop 3.0
linux linux_kernel 2.4.7
linux linux_kernel 2.4.6
linux linux_kernel 2.4.9
redhat enterprise_linux 3.0
CVE-2005-0506 MEDIUM

The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya ip_office_phone_manager *
avaya ip_soft_phone *
CVE-2005-1125 MEDIUM

Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya libsafe 2.0.11
avaya libsafe 2.0.5
avaya libsafe 2.0.13
avaya libsafe 2.0.1
avaya libsafe 2.0.9
avaya libsafe 2.0.16
avaya libsafe 2.0.6
avaya libsafe 2.0.3
avaya libsafe 2.0.2
avaya libsafe 2.0.14
avaya libsafe 2.0.8
avaya libsafe 2.0.10
avaya libsafe 2.0.4
avaya libsafe 2.0.7
avaya libsafe 2.0.15
avaya libsafe 2.0.12
CVE-2005-2762 LOW

Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya vpnremote 4.2.29
avaya vpnremote 4.2.26
avaya vpnremote 4.2.23
avaya vpnremote 4.2.30
avaya vpnremote 4.2.24
avaya vpnremote 4.2.32
CVE-2005-3253 HIGH

Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya wireless_ap-6 2.5.4
avaya wireless_ap-7 2.5
proxim ap-4000 2.4.12
avaya wireless_ap-3 2.5
proxim ap-4000 3.0
avaya wireless_ap-6 2.5
avaya wireless_ap-3 2.5.4
avaya wireless_ap-5 2.5.4
avaya wireless_ap-8 2.5
avaya wireless_ap-4 2.5
avaya wireless_ap-4 2.5.4
proxim ap-700 2.4.12
proxim ap-700 3.0
proxim ap-2000 2.5.4
avaya wireless_ap-5 2.5
proxim ap-600 2.5.4
CVE-2005-3989 HIGH

Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya tn2602ap_ip_media_resource_320_circuit_pack vintage_4_firmware
avaya tn2602ap_ip_media_resource_320_circuit_pack vintage_6_firmware
avaya tn2602ap_ip_media_resource_320_circuit_pack vintage_5_firmware
avaya tn2602ap_ip_media_resource_320_circuit_pack *
avaya tn2602ap_ip_media_resource_320_circuit_pack vintage_7_firmware
avaya tn2602ap_ip_media_resource_320_circuit_pack vintage_3_firmware
CVE-2005-4471 MEDIUM

POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya modular_messaging_message_storage_server 2.0
avaya modular_messaging_message_storage_server 1.1
avaya modular_messaging_message_storage_server *
CVE-2006-0718 MEDIUM

The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya vsu_10000 3.2.40
avaya vsu_100 3.2.40
avaya vsu_7500 3.2.40
avaya csu_5000 3.2.40
avaya vsu_2000 3.2.40
CVE-2006-1058 LOW

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-916,

Products Affected

Vendor Product Version
avaya aura_application_enablement_services 4.01
busybox busybox 1.1.1
avaya aura_application_enablement_services 4.1
avaya messaging_storage_server *
avaya aura_sip_enablement_services *
avaya message_networking *
CVE-2007-3317 HIGH

The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya one-x *
CVE-2007-3318 MEDIUM

Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya one-x *
CVE-2007-3319 HIGH

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya 4602sw_ip_phone r2.2
CVE-2007-3320 MEDIUM

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya 4602sw_ip_phone *
CVE-2007-3321 MEDIUM

The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya 4602sw_ip_phone *
CVE-2007-3322 MEDIUM

The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya 4602sw_ip_phone *
CVE-2008-2812 HIGH

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 4.0
canonical ubuntu_linux 6.06
canonical ubuntu_linux 7.10
canonical ubuntu_linux 8.04
linux linux_kernel *
suse suse_linux_enterprise_server 10
opensuse opensuse 11.0
avaya meeting_exchange 5.0
canonical ubuntu_linux 7.04
suse suse_linux_enterprise_desktop 10
avaya sip_enablement_services 4.0
avaya message_networking 3.1
avaya proactive_contact 4.0
avaya intuity_audix_lx 2.0
opensuse opensuse 10.3
novell linux_desktop 9
avaya messaging_storage_server 4.0
avaya expanded_meet-me_conferencing *
avaya communication_manager *
avaya sip_enablement_services -
CVE-2009-0115 HIGH

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
debian debian_linux 4.0
opensuse opensuse *
fedoraproject fedora 10
suse linux_enterprise_server 9
debian debian_linux 5.0
suse linux_enterprise_server 10
suse linux_enterprise_desktop 9
juniper ctpview *
avaya message_networking 3.1
juniper ctpview 7.1
avaya intuity_audix_lx 2.0
avaya messaging_storage_server 5.0
fedoraproject fedora 9
avaya messaging_storage_server 4.0
avaya messaging_storage_server 3.0
christophe.varoqui multipath-tools 0.4.8
novell open_enterprise_server -
CVE-2009-3939 MEDIUM

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
canonical ubuntu_linux 6.06
canonical ubuntu_linux 8.04
avaya aura_system_manager 6.0
linux linux_kernel *
redhat enterprise_linux_server 5.0
opensuse opensuse 11.1
debian debian_linux 5.0
canonical ubuntu_linux 9.10
suse linux_enterprise_desktop 11
avaya aura_system_manager 5.2
redhat enterprise_linux_desktop 5.0
suse linux_enterprise_server 11
redhat virtualization 5
redhat enterprise_linux_eus 5.4
redhat enterprise_linux_workstation 5.0
avaya aura_application_enablement_services 5.2.1
opensuse opensuse 11.2
suse linux_enterprise_desktop 10
suse linux_enterprise_server 10
opensuse opensuse 11.0
avaya aura_session_manager 1.1
avaya voice_portal 5.0
avaya aura_communication_manager 5.2
canonical ubuntu_linux 9.04
avaya aura_sip_enablement_services 5.2
avaya aura_application_enablement_services 5.2
avaya aura_session_manager 5.2
avaya aura_system_platform 1.1
canonical ubuntu_linux 8.10
CVE-2010-2492 HIGH

Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
vmware esx 4.1
avaya aura_system_manager 6.0
avaya aura_voice_portal 5.1
avaya aura_voice_portal 5.0
linux linux_kernel *
avaya aura_presence_services 6.1
avaya aura_session_manager 1.1
avaya iq 5.1
avaya aura_communication_manager 5.2
avaya aura_system_manager 5.2
avaya aura_presence_services 6.1.1
avaya aura_system_manager 6.1.1
vmware esx 4.0
avaya aura_session_manager 6.0
avaya aura_system_manager 6.1
avaya aura_session_manager 5.2
avaya aura_system_platform 6.0
avaya aura_system_platform 1.1
avaya iq 5.0
avaya aura_presence_services 6.0
CVE-2010-2798 HIGH

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 6.06
vmware esx 4.1
canonical ubuntu_linux 8.04
avaya aura_system_manager 6.0
linux linux_kernel *
avaya aura_presence_services 6.1
opensuse opensuse 11.1
suse suse_linux_enterprise_desktop 11
debian debian_linux 5.0
canonical ubuntu_linux 9.10
avaya iq 5.1
avaya aura_system_manager 5.2
vmware esx 4.0
avaya aura_session_manager 6.0
avaya voice_portal 5.1
avaya aura_system_manager 6.1
suse linux_enterprise_high_availability_extension 11
canonical ubuntu_linux 10.10
avaya aura_session_manager 1.1
avaya voice_portal 5.0
avaya aura_communication_manager 5.2
avaya aura_presence_services 6.1.1
canonical ubuntu_linux 9.04
avaya aura_system_manager 6.1.1
canonical ubuntu_linux 10.04
avaya aura_session_manager 5.2
avaya aura_system_platform 6.0
suse suse_linux_enterprise_server 11
avaya aura_system_platform 1.1
avaya iq 5.0
avaya aura_presence_services 6.0
CVE-2010-2942 LOW

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,

Products Affected

Vendor Product Version
canonical ubuntu_linux 6.06
vmware esx 4.1
canonical ubuntu_linux 8.04
avaya aura_system_manager 6.0
linux linux_kernel *
suse suse_linux_enterprise_server 10
avaya aura_presence_services 6.1
opensuse opensuse 11.1
linux linux_kernel 2.6.36
suse suse_linux_enterprise_desktop 11
canonical ubuntu_linux 9.10
avaya iq 5.1
avaya aura_system_manager 5.2
suse suse_linux_enterprise_desktop 10
vmware esx 4.0
avaya aura_session_manager 6.0
avaya voice_portal 5.1
avaya aura_system_manager 6.1
canonical ubuntu_linux 10.10
avaya aura_session_manager 1.1
avaya voice_portal 5.0
avaya aura_communication_manager 5.2
opensuse opensuse 11.3
avaya aura_presence_services 6.1.1
canonical ubuntu_linux 9.04
avaya aura_system_manager 6.1.1
canonical ubuntu_linux 10.04
avaya aura_session_manager 5.2
avaya aura_system_platform 6.0
suse suse_linux_enterprise_server 11
avaya aura_system_platform 1.1
avaya iq 5.0
avaya aura_presence_services 6.0
CVE-2010-2943 MEDIUM

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
canonical ubuntu_linux 6.06
vmware esx 4.1
avaya aura_system_manager 6.0
avaya aura_voice_portal 5.0
linux linux_kernel *
avaya aura_presence_services 6.1
canonical ubuntu_linux 9.10
avaya iq 5.1
avaya aura_system_manager 5.2
vmware esx 4.0
avaya aura_session_manager 6.0
avaya aura_system_manager 6.1
canonical ubuntu_linux 10.10
avaya aura_voice_portal 5.1
avaya aura_session_manager 1.1
avaya aura_communication_manager 5.2
avaya aura_presence_services 6.1.1
avaya aura_system_manager 6.1.1
canonical ubuntu_linux 10.04
avaya aura_session_manager 5.2
avaya aura_system_platform 6.0
avaya aura_system_platform 1.1
avaya iq 5.0
avaya aura_presence_services 6.0
CVE-2011-1229 HIGH

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
avaya callvisor_asai_lan *
avaya callpilot *
avaya enterprise_manager *
microsoft windows_7 -
avaya agent_access *
avaya ip_agent *
avaya network_reporting *
avaya aura_conferencing_standard_edition 6.0.0
microsoft windows_vista -
avaya contact_center_express *
avaya meeting_exchange *
avaya integrated_management *
avaya basic_call_management_system_reporting_desktop *
avaya octelaccess_server *
avaya outbound_contact_management *
avaya communication_server_1000_telephony_manager *
avaya ip_softphone *
avaya unified_messenger *
microsoft windows_server_2003 -
avaya speech_access *
avaya visual_messenger *
microsoft windows_xp -
microsoft windows_server_2008 r2
avaya computer_telephony *
avaya operational_analyst *
avaya octeldesigner *
microsoft windows_2003_server -
avaya messaging_application_server *
avaya unified_communication_center *
avaya visual_vector_client *
avaya call_management_server_supervisor *
avaya web_messenger *
microsoft windows_server_2008 -
avaya customer_interaction_express *
avaya vpnmanager_console *
avaya interaction_center *
CVE-2011-3008 MEDIUM

The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
avaya secure_access_link_gateway 2.0
avaya secure_access_link_gateway 1.5
avaya secure_access_link_gateway 1.8
CVE-2011-4112 MEDIUM

The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
avaya 9608g_firmware *
avaya 9621g_firmware *
avaya 9611g_firmware *
avaya 9608_firmware *
linux linux_kernel *
avaya 9641g_firmware *
avaya 9641gs_firmware *
CVE-2011-4326 HIGH

The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
linux linux_kernel *
avaya 96x1_ip_deskphone_firmware *
CVE-2011-5096 HIGH

Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
avaya aura_application_server_5300 1.0
avaya aura_application_server_5300 2.0
CVE-2012-3811 HIGH

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya ip_office_customer_call_reporter 8.0
avaya ip_office_customer_call_reporter 7.0
CVE-2016-2783 HIGH

Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
avaya vsp_operating_system_software *
avaya vsp_operating_system_software 5.0.0.0
CVE-2016-5285 MEDIUM

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 9.0
avaya cs1000m_firmware *
avaya cs1000e/cs1000m_signaling_server_firmware *
avaya session_border_controller_for_enterprise_firmware *
redhat enterprise_linux 7.0
avaya aura_session_manager *
avaya ip_office 10.0
suse linux_enterprise_server 11
debian debian_linux 10.0
avaya meeting_exchange 6.2
debian debian_linux 8.0
avaya aura_messaging 6.3.3
avaya aura_application_server_5300 3.0
avaya aura_system_platform_firmware *
avaya aura_application_enablement_services *
avaya aura_application_enablement_services 7.0
avaya aura_communication_manager_messagint 7.0
mozilla nss *
avaya aura_conferencing 8.0
avaya ip_office 9.1
avaya proactive_contact *
avaya ip_office 8.1
avaya aura_experience_portal *
avaya aura_conferencing 7.0
avaya aura_session_manager 7.0.1
avaya one-x_client_enablement_services 6.2
avaya call_management_system 17.0
avaya cs1000e_firmware *
avaya call_management_system *
avaya aura_conferencing 7.2
redhat enterprise_linux 5.0
avaya message_networking *
avaya aura_utility_services *
avaya breeze_platform *
avaya aura_session_manager 7.0
avaya aura_messaging 6.3
avaya aura_communication_manager 7.0
avaya iq 5.2.x
avaya aura_communication_manager *
avaya aura_system_manager *
redhat enterprise_linux 6.0
CVE-2017-11309 MEDIUM

Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
avaya ip_office *
CVE-2017-12969 MEDIUM

Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
avaya ip_office_contact_center 9.1.6
avaya ip_office_contact_center 9.1.7
avaya ip_office_contact_center 9.1.9
avaya ip_office_contact_center 9.1.0.2209.1540
avaya ip_office_contact_center 9.1.8
avaya ip_office_contact_center 10.1
avaya ip_office_contact_center 10.0.0.3-8600.1705
avaya ip_office_contact_center 9.1
avaya ip_office_contact_center 10.0
avaya ip_office_contact_center 9.1.0
CVE-2018-15610 HIGH

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,CWE-22,

Products Affected

Vendor Product Version
avaya ip_office 10.1
avaya ip_office 9.1
avaya ip_office 10.0
CVE-2018-15611 HIGH

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
avaya aura_communication_manager *
CVE-2018-15612 MEDIUM

A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
avaya orchestration_designer *
CVE-2018-15613 MEDIUM

A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
avaya aura_orchestration_designer *
CVE-2018-15614 LOW

A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
avaya ip_office 10.1
avaya ip_office 10.0
avaya ip_office 11.0
CVE-2018-15615 LOW

A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
avaya call_management_system_supervisor 18.0.2.0
avaya call_management_system_supervisor 18.0.1.0
avaya call_management_system_supervisor 17.0.0
CVE-2018-15616 HIGH

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
avaya avaya_aura_system_platform *
CVE-2018-15617 MEDIUM

A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
avaya aura_communication_manager *
CVE-2018-6635 MEDIUM

System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
avaya aura *
CVE-2019-7000 MEDIUM

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
avaya aura_conferencing 8.0
avaya aura_conferencing *
CVE-2019-7001 MEDIUM

A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
avaya ip_office_contact_center *
CVE-2019-7003 MEDIUM

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
avaya control_manager *
CVE-2019-7004 LOW

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
avaya ip_office_application_server *
CVE-2019-7005 MEDIUM

A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
avaya ip_office *
CVE-2019-7006 LOW

Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,

Products Affected

Vendor Product Version
avaya one-x_communicator 6.2
CVE-2019-7007 MEDIUM

A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
avaya aura_conferencing *
CVE-2020-7029 MEDIUM

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L 1.6 4.7
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
avaya aura_messaging *
avaya aura_communication_manager *
avaya aura_messaging 7.1
CVE-2020-7030 LOW

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
securityalerts@avaya.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-200,

Products Affected

Vendor Product Version
avaya ip_office 9.0
avaya ip_office 9.1
avaya ip_office *
CVE-2020-7032 MEDIUM

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 1.2 5.2
securityalerts@avaya.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 1.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
avaya weblm *
avaya aura_system_manager *
CVE-2020-7033 LOW

A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N 2.1 4.2
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
avaya equinox_conferencing *
CVE-2020-7034 HIGH

A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-77,

Products Affected

Vendor Product Version
avaya session_border_controller_for_enterprise *
CVE-2020-7035 MEDIUM

An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
securityalerts@avaya.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
avaya aura_orchestration_designer *
CVE-2020-7036 MEDIUM

An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
securityalerts@avaya.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
avaya callback_assist 4.7.1.1
avaya callback_assist *
CVE-2020-7037 MEDIUM

An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2
securityalerts@avaya.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
avaya equinox_conferencing *
CVE-2020-7038 MEDIUM

A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya equinox_conferencing *
CVE-2021-25649 LOW

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya aura_utility_services *
CVE-2021-25650 MEDIUM

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
securityalerts@avaya.com 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N 1.3 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-250,CWE-269,

Products Affected

Vendor Product Version
avaya aura_utility_services *
CVE-2021-25651 MEDIUM

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
securityalerts@avaya.com 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-250,CWE-269,

Products Affected

Vendor Product Version
avaya aura_utility_services *
CVE-2021-25652 LOW

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
securityalerts@avaya.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-668,

Products Affected

Vendor Product Version
avaya aura_appliance_virtualization_platform *
CVE-2021-25653 MEDIUM

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
securityalerts@avaya.com 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-250,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
avaya aura_appliance_virtualization_platform *
CVE-2021-25654 MEDIUM

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 6.2 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L 0.7 5.5
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-378,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
avaya aura_device_services *
CVE-2021-25655 MEDIUM

A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
securityalerts@avaya.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 1.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
avaya aura_experience_portal *
avaya aura_experience_portal 8.0.0
CVE-2021-25656 LOW

Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
avaya aura_experience_portal *
avaya aura_experience_portal 8.0.0
CVE-2021-25657

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
securityalerts@avaya.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
avaya ip_office 11.1
avaya ip_office *
CVE-2022-2249

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.1 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
avaya aura_communication_manager 10.1.0.0
avaya aura_communication_manager *
CVE-2022-2975

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.

Products Affected

Vendor Product Version
avaya aura_application_enablement_services *
CVE-2022-38168

Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
avaya scopia_pathfinder_10_pts_firmware 8.3.7.0.4
avaya scopia_pathfinder_20_pts_firmware 8.3.7.0.4
CVE-2023-31186

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
avaya ix_workforce_engagement 15.2.7.1195
CVE-2023-31187

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
avaya ix_workforce_engagement 15.2.7.1195
CVE-2023-32218

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
avaya ix_workforce_engagement 15.2.7.1195
CVE-2023-3527

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.  

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L 1.0 5.3

Products Affected

Vendor Product Version
avaya call_management_system *
CVE-2023-3722

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

Products Affected

Vendor Product Version
avaya aura_device_services *
CVE-2023-7031

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
securityalerts@avaya.com 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
avaya aura_experience_portal *
CVE-2024-12755

A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 7.9 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L 1.3 6.0

Products Affected

Vendor Product Version
avaya spaces -
CVE-2024-12756

An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 7.3 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N 1.0 5.8

Products Affected

Vendor Product Version
avaya spaces -
CVE-2024-4196

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
avaya ip_office *
CVE-2024-4197

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
avaya ip_office *
CVE-2024-7480

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.6 3.6

Products Affected

Vendor Product Version
avaya aura_system_manager *
avaya aura_system_manager 10.2
CVE-2025-1041

An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securityalerts@avaya.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
avaya call_management_system *
CVE-2025-49186

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick field_analytics *
sick package_analytics *
sick tire_analytics *
avaya media_server -
sick baggage_analytics *