Filtered by vendor Avaya
Subscriptions
Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6635 | 1 Avaya | 1 Aura | 2024-11-21 | N/A |
| System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | ||||
| CVE-2018-15617 | 1 Avaya | 1 Aura Communication Manager | 2024-11-21 | N/A |
| A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. | ||||
| CVE-2018-15616 | 1 Avaya | 1 Avaya Aura System Platform | 2024-11-21 | N/A |
| A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2. | ||||
| CVE-2018-15615 | 1 Avaya | 1 Call Management System Supervisor | 2024-11-21 | N/A |
| A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | ||||
| CVE-2018-15614 | 1 Avaya | 1 Ip Office | 2024-11-21 | N/A |
| A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1. | ||||
| CVE-2018-15613 | 1 Avaya | 1 Aura Orchestration Designer | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | ||||
| CVE-2018-15612 | 1 Avaya | 1 Orchestration Designer | 2024-11-21 | N/A |
| A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | ||||
| CVE-2018-15611 | 1 Avaya | 1 Aura Communication Manager | 2024-11-21 | N/A |
| A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1. | ||||
| CVE-2018-15610 | 1 Avaya | 1 Ip Office | 2024-11-21 | N/A |
| A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. | ||||
| CVE-2017-12969 | 1 Avaya | 1 Ip Office Contact Center | 2024-11-21 | N/A |
| Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | ||||
| CVE-2017-11309 | 1 Avaya | 1 Ip Office | 2024-11-21 | N/A |
| Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | ||||
| CVE-2016-5285 | 5 Avaya, Debian, Mozilla and 2 more | 32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more | 2024-11-21 | 7.5 High |
| A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | ||||
| CVE-2016-2783 | 1 Avaya | 1 Vsp Operating System Software | 2024-11-21 | N/A |
| Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames. | ||||
| CVE-2024-7480 | 1 Avaya | 1 Aura System Manager | 2024-09-11 | 4.2 Medium |
| An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | ||||
| CVE-2024-7477 | 1 Avaya | 1 Aura System Manager | 2024-09-11 | 6.5 Medium |
| A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | ||||