Filtered by vendor Avaya
Subscribe
Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0175 | 1 Avaya | 1 Libsafe | 2025-04-03 | 4.6 MEDIUM | N/A |
| libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe. | |||||
| CVE-2004-0215 | 2 Avaya, Microsoft | 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header. | |||||
| CVE-2004-0212 | 2 Avaya, Microsoft | 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. | |||||
| CVE-2004-1235 | 7 Avaya, Conectiva, Linux and 4 more | 20 Converged Communications Server, Intuity Audix, Mn100 and 17 more | 2025-04-03 | 6.2 MEDIUM | N/A |
| Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. | |||||
| CVE-2005-3253 | 2 Avaya, Proxim | 10 Wireless Ap-3, Wireless Ap-4, Wireless Ap-5 and 7 more | 2025-04-03 | 7.5 HIGH | N/A |
| Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication. | |||||
| CVE-2004-0494 | 2 Avaya, Redhat | 4 Cvlan, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. | |||||
| CVE-2004-1307 | 10 Apple, Avaya, Conectiva and 7 more | 19 Mac Os X, Mac Os X Server, Call Management System Server and 16 more | 2025-04-03 | 7.5 HIGH | N/A |
| Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. | |||||
| CVE-2004-0595 | 4 Avaya, Php, Redhat and 1 more | 8 Converged Communications Server, Integrated Management, S8300 and 5 more | 2025-04-03 | 6.8 MEDIUM | N/A |
| The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2024-4196 | 1 Avaya | 1 Ip Office | 2025-01-21 | N/A | 10.0 CRITICAL |
| An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1. | |||||
| CVE-2024-4197 | 1 Avaya | 1 Ip Office | 2025-01-21 | N/A | 9.9 CRITICAL |
| An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. | |||||
| CVE-2023-7031 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | N/A | 5.7 MEDIUM |
| Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. | |||||
| CVE-2023-3722 | 1 Avaya | 1 Aura Device Services | 2024-11-21 | N/A | 8.6 HIGH |
| An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. | |||||
| CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2024-11-21 | N/A | 6.8 MEDIUM |
| A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | |||||
| CVE-2023-32218 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | N/A | 6.1 MEDIUM |
| Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||||
| CVE-2023-31187 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | N/A | 6.5 MEDIUM |
| Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | |||||
| CVE-2023-31186 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | N/A | 5.3 MEDIUM |
| Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | |||||
| CVE-2022-2975 | 1 Avaya | 1 Aura Application Enablement Services | 2024-11-21 | N/A | 7.7 HIGH |
| A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | |||||
| CVE-2022-2249 | 1 Avaya | 1 Aura Communication Manager | 2024-11-21 | N/A | 7.7 HIGH |
| Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. | |||||
| CVE-2021-25657 | 1 Avaya | 1 Ip Office | 2024-11-21 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | |||||
| CVE-2021-25656 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | |||||