Filtered by vendor Avaya
Total: 133 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-3722 | 1 Avaya | 1 Aura Device Services | 2024-10-22 | 8.6 High |
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. | ||||
CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2024-10-21 | 6.8 Medium |
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | ||||
CVE-2007-5556 | 1 Avaya | 1 Voip Handset | 2024-09-17 | N/A |
Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
CVE-2020-7033 | 1 Avaya | 1 Equinox Conferencing | 2024-09-17 | 6.3 Medium |
A Cross-Site Scripting (XSS) vulnerability in the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing include all 9.x versions before 9.1.10. | ||||
CVE-2019-7007 | 1 Avaya | 1 Aura Conferencing | 2024-09-17 | 7.5 High |
A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. | ||||
CVE-2019-7004 | 1 Avaya | 1 Ip Office Application Server | 2024-09-17 | 5.4 Medium |
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. | ||||
CVE-2021-25657 | 1 Avaya | 1 Ip Office | 2024-09-17 | 7.8 High |
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | ||||
CVE-2020-7032 | 1 Avaya | 2 Aura System Manager, Weblm | 2024-09-17 | 6.5 Medium |
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. | ||||
CVE-2020-7036 | 1 Avaya | 1 Callback Assist | 2024-09-17 | 8.1 High |
An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7. | ||||
CVE-2019-7003 | 1 Avaya | 1 Control Manager | 2024-09-17 | 10.0 Critical |
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated. | ||||
CVE-2011-5096 | 1 Avaya | 1 Aura Application Server 5300 | 2024-09-17 | N/A |
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet. | ||||
CVE-2020-7034 | 1 Avaya | 1 Session Border Controller For Enterprise | 2024-09-16 | 7.2 High |
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x. | ||||
CVE-2018-15611 | 1 Avaya | 1 Aura Communication Manager | 2024-09-16 | N/A |
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x versions prior to 7.1.3.1. | ||||
CVE-2019-7000 | 1 Avaya | 1 Aura Conferencing | 2024-09-16 | 6.1 Medium |
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | ||||
CVE-2019-7006 | 1 Avaya | 1 One-x Communicator | 2024-09-16 | 5.5 Medium |
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13. | ||||
CVE-2020-7037 | 1 Avaya | 1 Equinox Conferencing | 2024-09-16 | 8.1 High |
An XML External Entities (XXE) vulnerability in the Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing include all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server. | ||||
CVE-2020-7030 | 1 Avaya | 1 Ip Office | 2024-09-16 | 5.5 Medium |
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.3. | ||||
CVE-2020-7029 | 1 Avaya | 2 Aura Communication Manager, Aura Messaging | 2024-09-16 | 6.4 Medium |
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1. | ||||
CVE-2020-7038 | 1 Avaya | 1 Equinox Conferencing | 2024-09-16 | 7.5 High |
A vulnerability was discovered in the Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of the Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server. | ||||
CVE-2005-2762 | 1 Avaya | 1 Vpnremote | 2024-09-16 | N/A |
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials. |