Vulnerabilities > Avaya > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-28 | CVE-2019-7007 | Path Traversal vulnerability in Avaya Aura Conferencing 9.0/9.1.9.0 A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. | 8.6 |
| 2019-11-15 | CVE-2016-5285 | NULL Pointer Dereference vulnerability in multiple products A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | 7.5 |
| 2019-04-04 | CVE-2019-7001 | SQL Injection vulnerability in Avaya IP Office Contact Center A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. | 8.8 |
| 2019-02-01 | CVE-2018-15617 | Unspecified vulnerability in Avaya Aura Communication Manager A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. | 7.5 |
| 2018-09-21 | CVE-2018-15612 | Cross-Site Request Forgery (CSRF) vulnerability in Avaya Orchestration Designer 7.1 A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. | 8.8 |
| 2018-09-12 | CVE-2018-15610 | Path Traversal vulnerability in Avaya IP Office 10.0/10.1/9.1 A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. | 8.8 |
| 2018-02-05 | CVE-2018-6635 | Inadequate Encryption Strength vulnerability in Avaya Aura System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | 7.5 |
| 2017-11-10 | CVE-2017-12969 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avaya IP Office Contact Center Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | 8.8 |
| 2010-09-30 | CVE-2010-2943 | Information Exposure vulnerability in multiple products The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. | 8.1 |
| 2010-09-08 | CVE-2010-2798 | NULL Pointer Dereference vulnerability in multiple products The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. | 7.8 |