Vulnerabilities > Mitel > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-17 CVE-2020-10211 Improper Input Validation vulnerability in Mitel MiVoice Connect and MiVoice Connect Client
A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters.
network
low complexity
mitel CWE-20
7.5
2020-03-02 CVE-2019-19608 SQL Injection vulnerability in Mitel MiCollab Audio, Web & Video Conferencing
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page.
network
low complexity
mitel CWE-89
7.5
2020-03-02 CVE-2019-19607 SQL Injection vulnerability in Mitel MiCollab Audio, Web & Video Conferencing
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter.
network
low complexity
mitel CWE-89
7.5
2019-04-25 CVE-2018-18285 SQL Injection vulnerability in Mitel CMG Suite 8.4
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface.
network
low complexity
mitel CWE-89
7.5
2019-04-25 CVE-2018-18286 SQL Injection vulnerability in Mitel CMG Suite 8.4
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface.
network
low complexity
mitel CWE-89
7.5
2014-04-07 CVE-2014-0160 Out-of-bounds Read vulnerability in multiple products
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
7.5
2009-05-07 CVE-2008-6797 Cryptographic Issues vulnerability in Mitel NuPoint Messenger R11/R3
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
mitel CWE-310
7.8