Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Avaya Subscribe
Filtered by product Aura Communication Manager
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2942 6 Avaya, Canonical, Linux and 3 more 13 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 10 more 2023-02-12 2.1 LOW 5.5 MEDIUM
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
CVE-2010-2943 4 Avaya, Canonical, Linux and 1 more 10 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 7 more 2023-02-12 6.4 MEDIUM 8.1 HIGH
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
CVE-2010-2798 7 Avaya, Canonical, Debian and 4 more 15 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 12 more 2023-02-12 7.2 HIGH 7.8 HIGH
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.
CVE-2010-2492 3 Avaya, Linux, Vmware 9 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 6 more 2023-02-12 7.2 HIGH 7.8 HIGH
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.
CVE-2022-2249 1 Avaya 1 Aura Communication Manager 2022-10-14 N/A 6.7 MEDIUM
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.
CVE-2020-7029 1 Avaya 2 Aura Communication Manager, Aura Messaging 2020-08-17 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.
CVE-2016-5285 5 Avaya, Debian, Mozilla and 2 more 32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more 2020-01-09 5.0 MEDIUM 7.5 HIGH
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
CVE-2018-15617 1 Avaya 1 Aura Communication Manager 2019-10-09 5.0 MEDIUM 7.5 HIGH
A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.
CVE-2018-15611 1 Avaya 1 Aura Communication Manager 2019-10-09 7.2 HIGH 6.7 MEDIUM
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.