Vulnerabilities > Avaya
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-21 | CVE-2018-15612 | Cross-Site Request Forgery (CSRF) vulnerability in Avaya Orchestration Designer 7.1 A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. | 6.8 |
| 2018-09-12 | CVE-2018-15610 | Path Traversal vulnerability in Avaya IP Office 10.0/10.1/9.1 A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. | 9.0 |
| 2018-02-05 | CVE-2018-6635 | Inadequate Encryption Strength vulnerability in Avaya Aura System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | 6.0 |
| 2017-11-10 | CVE-2017-12969 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avaya IP Office Contact Center Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | 8.8 |
| 2017-11-10 | CVE-2017-11309 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avaya IP Office Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | 9.6 |
| 2017-01-23 | CVE-2016-2783 | Data Processing Errors vulnerability in Avaya VSP Operating System Software 5.0.0.0 Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames. | 10.0 |
| 2012-07-03 | CVE-2011-5096 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya Aura Application Server 5300 1.0/2.0 Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet. | 10.0 |
| 2012-07-03 | CVE-2012-3811 | Unspecified vulnerability in Avaya IP Office Customer Call Reporter 7.0/8.0 Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. | 10.0 |
| 2012-05-17 | CVE-2011-4112 | The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface. | 5.5 |
| 2011-08-05 | CVE-2011-3008 | Configuration vulnerability in Avaya Secure Access Link Gateway 1.5/1.8/2.0 The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information. | 5.0 |