Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Avaya Subscribe
Total 122 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2942 6 Avaya, Canonical, Linux and 3 more 13 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 10 more 2023-02-12 2.1 LOW 5.5 MEDIUM
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
CVE-2010-2943 4 Avaya, Canonical, Linux and 1 more 10 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 7 more 2023-02-12 6.4 MEDIUM 8.1 HIGH
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
CVE-2010-2798 7 Avaya, Canonical, Debian and 4 more 15 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 12 more 2023-02-12 7.2 HIGH 7.8 HIGH
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.
CVE-2010-2492 3 Avaya, Linux, Vmware 9 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 6 more 2023-02-12 7.2 HIGH 7.8 HIGH
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.
CVE-2008-2812 7 Avaya, Canonical, Debian and 4 more 15 Communication Manager, Expanded Meet-me Conferencing, Intuity Audix Lx and 12 more 2023-02-12 7.2 HIGH 7.8 HIGH
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
CVE-2011-4326 2 Avaya, Linux 3 96x1 Ip Deskphone, 96x1 Ip Deskphone Firmware, Linux Kernel 2023-02-12 7.1 HIGH N/A
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
CVE-2011-4112 2 Avaya, Linux 13 9608, 9608 Firmware, 9608g and 10 more 2023-02-12 4.9 MEDIUM 5.5 MEDIUM
The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface.
CVE-2019-7003 1 Avaya 1 Control Manager 2023-02-03 6.4 MEDIUM 10.0 CRITICAL
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
CVE-2019-7004 1 Avaya 1 Ip Office Application Server 2023-02-01 3.5 LOW 5.4 MEDIUM
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.
CVE-2019-7000 1 Avaya 1 Aura Conferencing 2023-01-31 5.8 MEDIUM 6.1 MEDIUM
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.
CVE-2022-2975 1 Avaya 1 Aura Application Enablement Services 2022-12-02 N/A 6.7 MEDIUM
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
CVE-2022-38168 1 Avaya 4 Scopia Pathfinder 10 Pts, Scopia Pathfinder 10 Pts Firmware, Scopia Pathfinder 20 Pts and 1 more 2022-11-08 N/A 9.1 CRITICAL
** UNSUPPPORTED WHEN ASSIGNED **Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.
CVE-2021-25652 1 Avaya 1 Aura Appliance Virtualization Platform 2022-10-25 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.
CVE-2020-7032 1 Avaya 2 Aura System Manager, Weblm 2022-10-19 5.5 MEDIUM 6.5 MEDIUM
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.
CVE-2022-2249 1 Avaya 1 Aura Communication Manager 2022-10-14 N/A 6.7 MEDIUM
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.
CVE-2021-25657 1 Avaya 1 Ip Office 2022-09-07 N/A 7.8 HIGH
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.
CVE-2020-7038 1 Avaya 1 Equinox Conferencing 2022-08-05 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.
CVE-2020-7034 1 Avaya 1 Session Border Controller For Enterprise 2022-08-05 9.0 HIGH 8.8 HIGH
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
CVE-2021-25654 1 Avaya 1 Aura Device Services 2022-08-01 4.6 MEDIUM 7.8 HIGH
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.
CVE-2021-25650 1 Avaya 1 Aura Utility Services 2022-04-26 4.6 MEDIUM 8.8 HIGH
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.