Filtered by vendor Avaya
Subscribe
Total
122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1307 | 10 Apple, Avaya, Conectiva and 7 more | 19 Mac Os X, Mac Os X Server, Call Management System Server and 16 more | 2018-10-30 | 7.5 HIGH | N/A |
| Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. | |||||
| CVE-2004-0800 | 2 Avaya, Sun | 4 Call Management System Server, Dtmail, Solaris and 1 more | 2018-10-30 | 4.6 MEDIUM | N/A |
| Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value. | |||||
| CVE-2008-5882 | 2 Avaya, Citrix | 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more | 2018-10-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. | |||||
| CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2018-10-30 | 7.5 HIGH | N/A |
| mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | |||||
| CVE-2004-0595 | 4 Avaya, Php, Redhat and 1 more | 8 Converged Communications Server, Integrated Management, S8300 and 5 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2004-0594 | 4 Avaya, Php, Redhat and 1 more | 8 Converged Communications Server, Integrated Management, S8300 and 5 more | 2018-10-30 | 5.1 MEDIUM | N/A |
| The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | |||||
| CVE-2004-0205 | 2 Avaya, Microsoft | 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more | 2018-10-12 | 7.2 HIGH | N/A |
| Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. | |||||
| CVE-2004-0215 | 2 Avaya, Microsoft | 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more | 2018-10-12 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header. | |||||
| CVE-2017-12969 | 1 Avaya | 1 Ip Office Contact Center | 2018-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | |||||
| CVE-2004-0495 | 6 Avaya, Conectiva, Gentoo and 3 more | 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more | 2017-10-10 | 7.2 HIGH | N/A |
| Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. | |||||
| CVE-2003-1359 | 2 Avaya, Hp | 2 Predictive Dialer System, Hp-ux | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument. | |||||
| CVE-2004-1235 | 7 Avaya, Conectiva, Linux and 4 more | 20 Converged Communications Server, Intuity Audix, Mn100 and 17 more | 2017-10-10 | 6.2 MEDIUM | N/A |
| Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. | |||||
| CVE-2004-0494 | 2 Avaya, Redhat | 4 Cvlan, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. | |||||
| CVE-2004-0554 | 6 Avaya, Conectiva, Gentoo and 3 more | 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more | 2017-10-10 | 2.1 LOW | N/A |
| Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program. | |||||
| CVE-2005-0003 | 4 Avaya, Linux, Mandrakesoft and 1 more | 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more | 2017-10-10 | 2.1 LOW | N/A |
| The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. | |||||
| CVE-2011-3008 | 1 Avaya | 1 Secure Access Link Gateway | 2017-08-28 | 5.0 MEDIUM | N/A |
| The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information. | |||||
| CVE-2008-6706 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2017-08-16 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords." | |||||
| CVE-2008-6708 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2017-08-16 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters." | |||||
| CVE-2008-6709 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2017-08-16 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters." | |||||
| CVE-2008-6575 | 1 Avaya | 1 Communication Manager | 2017-08-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors. | |||||