Vulnerabilities (CVE)

Filtered by vendor Avaya Subscribe
Total 133 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3321 1 Avaya 1 4602sw Ip Phone 2024-11-21 5.0 MEDIUM N/A
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).
CVE-2007-3320 1 Avaya 1 4602sw Ip Phone 2024-11-21 5.0 MEDIUM N/A
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact.
CVE-2007-3319 1 Avaya 1 4602sw Ip Phone 2024-11-21 7.5 HIGH N/A
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.
CVE-2007-3318 1 Avaya 1 One-x 2024-11-21 5.0 MEDIUM N/A
Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message.
CVE-2007-3317 1 Avaya 1 One-x 2024-11-21 7.8 HIGH N/A
The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message.
CVE-2007-3286 1 Avaya 1 Ip Soft Phone 2024-11-21 6.8 MEDIUM N/A
Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-2374 2 Avaya, Microsoft 7 Definity One Media Server, Media Server, S3400 and 4 more 2024-11-21 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
CVE-2007-1765 2 Avaya, Microsoft 10 Definity One Media Server, Ip600 Media Servers, S3400 and 7 more 2024-11-21 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
CVE-2007-1491 1 Avaya 4 S8300, S8500, S8700 and 1 more 2024-11-21 5.2 MEDIUM N/A
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
CVE-2007-1490 1 Avaya 1 Communication Manager 2024-11-21 6.0 MEDIUM N/A
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
CVE-2007-1367 1 Avaya 4 S8300, S8500, S8700 and 1 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.
CVE-2006-1058 2 Avaya, Busybox 5 Aura Application Enablement Services, Aura Sip Enablement Services, Message Networking and 2 more 2024-11-21 2.1 LOW 5.5 MEDIUM
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
CVE-2006-0718 1 Avaya 5 Csu 5000, Vsu 100, Vsu 10000 and 2 more 2024-11-21 5.0 MEDIUM N/A
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2005-4471 1 Avaya 1 Modular Messaging Message Storage Server 2024-11-21 5.0 MEDIUM N/A
POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
CVE-2005-3989 1 Avaya 1 Tn2602ap Ip Media Resource 320 Circuit Pack 2024-11-21 7.8 HIGH N/A
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets.
CVE-2005-3253 2 Avaya, Proxim 10 Wireless Ap-3, Wireless Ap-4, Wireless Ap-5 and 7 more 2024-11-21 7.5 HIGH N/A
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication.
CVE-2005-2762 1 Avaya 1 Vpnremote 2024-11-21 2.1 LOW N/A
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
CVE-2005-1125 1 Avaya 1 Libsafe 2024-11-20 5.1 MEDIUM N/A
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.
CVE-2005-0506 1 Avaya 2 Ip Office Phone Manager, Ip Soft Phone 2024-11-20 5.0 MEDIUM N/A
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
CVE-2005-0003 4 Avaya, Linux, Mandrakesoft and 1 more 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more 2024-11-20 2.1 LOW N/A
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.