Avaya

Products by Avaya Sorted by Most Security Vulnerabilities since 2018

Avaya Aura System Manager: 6 vulnerabilities
Avaya Ip Office: 5 vulnerabilities
Avaya S3400: 5 vulnerabilities
Avaya S8100: 5 vulnerabilities
Avaya Aura System Platform: 5 vulnerabilities
Avaya Aura Session Manager: 5 vulnerabilities
Avaya Ip600 Media Servers: 5 vulnerabilities
Avaya Aura Presence Services: 4 vulnerabilities
Avaya Message Networking: 4 vulnerabilities
Avaya Iq: 4 vulnerabilities
Avaya Sg200: 3 vulnerabilities
Avaya Sg5: 3 vulnerabilities
Avaya Sg208: 3 vulnerabilities
Avaya Sg203: 3 vulnerabilities
Avaya Equinox Conferencing: 3 vulnerabilities
Avaya Voice Portal: 3 vulnerabilities
Avaya Aura Utility Services: 3 vulnerabilities
Avaya Aura Experience Portal: 3 vulnerabilities
Avaya Intuity Audix Lx: 2 vulnerabilities
Avaya Meeting Exchange: 2 vulnerabilities
Avaya Aura Conferencing: 2 vulnerabilities
Avaya Aura Device Services: 2 vulnerabilities
Avaya Aura Voice Portal: 2 vulnerabilities
Avaya Operational Analyst: 1 vulnerability
Avaya Weblm: 1 vulnerability
Avaya Web Messenger: 1 vulnerability
Avaya Network Reporting: 1 vulnerability
Avaya One X Communicator: 1 vulnerability
Avaya Proactive Contact: 1 vulnerability
Avaya Visual Messenger: 1 vulnerability
Avaya Speech Access: 1 vulnerability
Avaya S8300: 1 vulnerability
Avaya S8500: 1 vulnerability
Avaya S8700: 1 vulnerability
Avaya Aura: 1 vulnerability
Avaya Callback Assist: 1 vulnerability
Avaya Callpilot: 1 vulnerability
Avaya Callvisor Asai Lan: 1 vulnerability
Avaya Computer Telephony: 1 vulnerability
Avaya Ip Softphone: 1 vulnerability
Avaya Control Manager: 1 vulnerability
Avaya Cvlan: 1 vulnerability
Avaya Enterprise Manager: 1 vulnerability
Avaya Interaction Center: 1 vulnerability
Avaya Agent Access: 1 vulnerability
Avaya Intuity Lx: 1 vulnerability
Avaya Ip Agent: 1 vulnerability

By the Year

In 2024 there has been 1 vulnerability in Avaya with an average score of 4.3 out of ten. Last year Avaya had 5 security vulnerabilities published. Right now, Avaya is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 2.60.

Year | Vulnerabilities | Average Score
2024 | 1 | 4.30
2023 | 5 | 6.90
2022 | 3 | 7.07
2021 | 13 | 7.08
2020 | 6 | 7.05
2019 | 7 | 6.96
2018 | 7 | 7.44

It may take a day or so for new Avaya vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Avaya Security Vulnerabilities

CVE-2023-7031 4.3 - Medium - January 17, 2024

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.

Insecure Direct Object Reference / IDOR

CVE-2023-3722 9.8 - Critical - July 19, 2023

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

Unrestricted File Upload

CVE-2023-3527 6.8 - Medium - July 18, 2023

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.  

CSV Injection

CVE-2023-32218 6.1 - Medium - May 30, 2023

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Open Redirect

CVE-2023-31187 6.5 - Medium - May 30, 2023

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials

Insufficiently Protected Credentials

CVE-2023-31186 5.3 - Medium - May 30, 2023

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy

Side Channel Attack

CVE-2022-2249 6.7 - Medium - October 12, 2022

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.

Improper Privilege Management

CVE-2022-2975 6.7 - Medium - October 06, 2022

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.

Incorrect Permission Assignment for Critical Resource

CVE-2021-25657 7.8 - High - September 02, 2022

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.

CVE-2021-25654 7.8 - High - June 25, 2021

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.

CVE-2021-25653 7.8 - High - June 24, 2021

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.

CVE-2021-25651 7.8 - High - June 24, 2021

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services.

Improper Privilege Management

CVE-2021-25652 5.5 - Medium - June 24, 2021

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

Exposure of Resource to Wrong Sphere

CVE-2021-25655 6.1 - Medium - June 24, 2021

A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

Open Redirect

CVE-2021-25650 8.8 - High - June 24, 2021

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.

Improper Privilege Management

CVE-2021-25649 5.5 - Medium - June 24, 2021

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.

CVE-2021-25656 5.4 - Medium - June 24, 2021

Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

XSS

CVE-2020-7037 8.1 - High - April 28, 2021

An XML External Entities (XXE) vulnerability in the Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing include all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server.

XXE

CVE-2020-7038 7.5 - High - April 28, 2021

A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.

CVE-2020-7034 8.8 - High - April 23, 2021

A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x.

Command Injection

CVE-2020-7035 6.5 - Medium - April 23, 2021

An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer include all 7.x versions before 7.2.3.

XXE

CVE-2020-7036 6.5 - Medium - April 23, 2021

An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7.

XXE

CVE-2020-7032 6.5 - Medium - November 13, 2020

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.

XXE

CVE-2020-7033 5.4 - Medium - November 13, 2020

A Cross Site Scripting (XSS) vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing include all 9.x versions before 9.1.10.

XSS

CVE-2020-7029 8.8 - High - August 11, 2020

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

Session Riding

CVE-2019-7005 7.5 - High - August 07, 2020

A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.

CVE-2020-7030 5.5 - Medium - June 04, 2020

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.3.

Information Disclosure

CVE-2019-7007 8.6 - High - February 28, 2020

A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server.

Directory traversal

CVE-2019-7004 5.4 - Medium - December 12, 2019

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

XSS

CVE-2019-7000 6.1 - Medium - July 31, 2019

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.

XSS

CVE-2019-7003 10 - Critical - July 11, 2019

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

SQL Injection

CVE-2019-7001 8.8 - High - April 04, 2019

A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated.

SQL Injection

CVE-2019-7006 5.5 - Medium - February 27, 2019

Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.

Use of a Broken or Risky Cryptographic Algorithm

CVE-2018-15617 7.5 - High - February 01, 2019

A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.

CVE-2018-15614 5.4 - Medium - January 23, 2019

A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.

XSS

CVE-2018-15616 9.8 - Critical - October 17, 2018

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform include 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.

Marshaling, Unmarshaling

CVE-2018-15611 6.7 - Medium - September 27, 2018

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x versions prior to 7.1.3.1.

CVE-2018-15615 4.4 - Medium - September 24, 2018

A vulnerability in the Supervisor component of Avaya Call Management System allows a local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

Information Disclosure

CVE-2018-15613 6.1 - Medium - September 21, 2018

A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

XSS

CVE-2018-15612 8.8 - High - September 21, 2018

A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

Session Riding

CVE-2018-15610 8.8 - High - September 12, 2018

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

Directory traversal

CVE-2018-6635 7.5 - High - February 05, 2018

System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.

Inadequate Encryption Strength

CVE-2011-1229 - April 13, 2011

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."

NULL Pointer Dereference

CVE-2010-2943 8.1 - High - September 30, 2010

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

Information Disclosure

CVE-2010-2942 5.5 - Medium - September 21, 2010

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

Memory Leak

CVE-2010-2798 7.8 - High - September 08, 2010

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.

NULL Pointer Dereference

CVE-2010-2492 7.8 - High - September 08, 2010

Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

Classic Buffer Overflow

CVE-2009-3939 7.1 - High - November 16, 2009

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

Incorrect Permission Assignment for Critical Resource

CVE-2009-0115 7.8 - High - March 30, 2009

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Incorrect Permission Assignment for Critical Resource

CVE-2008-2812 7.8 - High - July 09, 2008

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

NULL Pointer Dereference

CVE-2007-1765 - March 30, 2007

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

CVE-2006-1058 5.5 - Medium - April 04, 2006

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

Use of Password Hash With Insufficient Computational Effort

CVE-2004-1050 - December 31, 2004

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

CVE-2004-0842 - December 23, 2004

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

CVE-2004-0841 - December 23, 2004

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

CVE-2004-0112 - November 23, 2004

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Out-of-bounds Read

CVE-2004-0081 - November 23, 2004

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVE-2004-0079 7.5 - High - November 23, 2004

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

NULL Pointer Dereference

CVE-2004-0839 - August 18, 2004

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

CVE-2004-0493 - August 06, 2004

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

CVE-2004-0594 - July 27, 2004

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

TOCTTOU

CVE-2001-1494 5.5 - Medium - December 31, 2001

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

insecure temporary file

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).