High

DATE	CVE	VULNERABILITY TITLE	RISK
2005-12-16	CVE-2005-3253	Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication. network low complexity avaya proxim	7.5
2005-12-04	CVE-2005-3989	Remote Denial of Service vulnerability in Avaya TN2602AP IP Media Resource 320 Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. network low complexity avaya	7.8
2004-12-23	CVE-2004-0842	Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." network low complexity microsoft avaya	7.5
2004-12-21	CVE-2004-1307	Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. network low complexity avaya f5 libtiff sgi conectiva apple gentoo mandrakesoft sco sun	7.5
2004-11-23	CVE-2004-0494	Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. network low complexity avaya redhat	7.5
2004-11-23	CVE-2004-0079	NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. network low complexity cisco symantec hp avaya redhat freebsd openbsd apple sco 4d checkpoint dell lite neoteris novell openssl sgi stonesoft tarantella vmware bluecoat securecomputing sun CWE-476	7.5
2004-08-06	CVE-2004-0495	Device Driver vulnerability in Linux Kernel Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. local low complexity avaya gentoo linux redhat suse conectiva	7.2
2004-08-06	CVE-2004-0210	The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow. local low complexity avaya microsoft	7.2
2004-08-06	CVE-2004-0205	Remote Buffer Overflow vulnerability in Microsoft IIS 4 Redirect Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. local low complexity avaya microsoft	7.2
2004-02-03	CVE-2004-1082	mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. network low complexity apache apple avaya hp ibm openbsd sco sun	7.5