Vulnerabilities > Mitel > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-17 | CVE-2020-10211 | Improper Input Validation vulnerability in Mitel Mivoice Connect and Mivoice Connect Client A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. | 7.5 |
2020-03-02 | CVE-2019-19608 | SQL Injection vulnerability in Mitel Micollab Audio, web & Video Conferencing A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. | 7.5 |
2020-03-02 | CVE-2019-19607 | SQL Injection vulnerability in Mitel Micollab Audio, web & Video Conferencing A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. | 7.5 |
2019-04-25 | CVE-2018-18285 | SQL Injection vulnerability in Mitel CMG Suite 8.4 SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. | 7.5 |
2019-04-25 | CVE-2018-18286 | SQL Injection vulnerability in Mitel CMG Suite 8.4 SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. | 7.5 |
2014-04-07 | CVE-2014-0160 | Out-of-bounds Read vulnerability in multiple products The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | 7.5 |
2009-05-07 | CVE-2008-6797 | Cryptographic Issues vulnerability in Mitel Nupoint Messenger R11/R3 The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. | 7.8 |