Vulnerabilities (CVE)

Filtered by vendor Avaya Subscribe
Total 135 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-1260 1 Avaya 1 Argent Office 2025-04-03 10.0 HIGH N/A
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
CVE-2004-0205 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2025-04-03 7.2 HIGH N/A
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
CVE-2005-0003 4 Avaya, Linux, Mandrakesoft and 1 more 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more 2025-04-03 2.1 LOW N/A
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
CVE-2005-3253 2 Avaya, Proxim 10 Wireless Ap-3, Wireless Ap-4, Wireless Ap-5 and 7 more 2025-04-03 7.5 HIGH N/A
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication.
CVE-2004-0215 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2025-04-03 5.0 MEDIUM N/A
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
CVE-2004-0839 3 Avaya, Microsoft, Nortel 18 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 15 more 2025-04-03 5.0 MEDIUM N/A
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
CVE-2005-0506 1 Avaya 2 Ip Office Phone Manager, Ip Soft Phone 2025-04-03 5.0 MEDIUM N/A
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
CVE-2004-1082 8 Apache, Apple, Avaya and 5 more 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more 2025-04-03 7.5 HIGH N/A
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
CVE-2005-2762 1 Avaya 1 Vpnremote 2025-04-03 2.1 LOW N/A
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
CVE-2002-1229 1 Avaya 5 Cajun P550, Cajun P550r, Cajun P580 and 2 more 2025-04-03 7.5 HIGH N/A
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
CVE-2005-1125 1 Avaya 1 Libsafe 2025-04-03 5.1 MEDIUM N/A
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.
CVE-2004-0079 23 4d, Apple, Avaya and 20 more 66 Webstar, Mac Os X, Mac Os X Server and 63 more 2025-04-03 5.0 MEDIUM 7.5 HIGH
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2005-4471 1 Avaya 1 Modular Messaging Message Storage Server 2025-04-03 5.0 MEDIUM N/A
POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
CVE-2006-1058 2 Avaya, Busybox 5 Aura Application Enablement Services, Aura Sip Enablement Services, Message Networking and 2 more 2025-04-03 2.1 LOW 5.5 MEDIUM
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
CVE-2001-1261 1 Avaya 1 Argent Office 2025-04-03 5.0 MEDIUM N/A
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
CVE-2006-0718 1 Avaya 5 Csu 5000, Vsu 100, Vsu 10000 and 2 more 2025-04-03 5.0 MEDIUM N/A
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2004-0493 5 Apache, Avaya, Gentoo and 2 more 8 Http Server, Converged Communications Server, S8300 and 5 more 2025-04-03 6.4 MEDIUM N/A
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
CVE-2004-0841 2 Avaya, Microsoft 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more 2025-04-03 5.0 MEDIUM N/A
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2025-04-03 5.0 MEDIUM N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-2001-1494 2 Avaya, Kernel 7 Cvlan, Integrated Management Suit, Interactive Response and 4 more 2025-04-03 2.1 LOW 5.5 MEDIUM
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.