CVE-2021-25651 – Avaya Aura Utility Services Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25651
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya Aura Utility Services que podría permitir a un usuario local escalar privilegios. Afecta a todas las versiones 7.x de Avaya Aura Utility Services • https://support.avaya.com/css/P8/documents/101072728 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2021-25650 – Avaya Aura Utility Services Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25650
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya Aura Utility Services que podría permitir potencialmente a un usuario local ejecutar scripts especialmente diseñados como usuario privilegiado. Afecta a todas las versiones 7.x de Avaya Aura Utility Services • https://support.avaya.com/css/P8/documents/101072728 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2021-25649 – Avaya Utility Services Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25649
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services Se ha detectado una vulnerabilidad de divulgación de información en la administración de directorios y archivos de Avaya Aura Utility Services. Esta vulnerabilidad podría permitir potencialmente a cualquier usuario local acceder a la funcionalidad del sistema y a la información de configuración que sólo debería estar disponible para un usuario con privilegios. Afecta a todas las versiones 7.x de Avaya Aura Utility Services • https://support.avaya.com/css/P8/documents/101072728 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Denegación de servicio. A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94349 http://www.ubuntu.com/usn/USN-3163-1 https://bto.bluecoat.com/security-advisory/sa137 https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 https://security.gentoo.org/glsa • CWE-476: NULL Pointer Dereference •