CVE-2017-11309 – Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2017-11309
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from a SoftConsole remote buffer overflow vulnerability.
• https://www.exploit-db.com/exploits/43121
• http://downloads.avaya.com/css/P8/documents/101044086
• http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt
• http://packetstormsecurity.com/files/144883/Avaya-IP-Office-IPO-10.1-Soft-Console-Remote-Buffer-Overflow.html
• http://www.securityfocus.com/bid/101674
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-12969 – Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-12969
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an ActiveX buffer overflow vulnerability.
• https://www.exploit-db.com/exploits/43120
• http://downloads.avaya.com/css/P8/documents/101044091
• http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt
• http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html
• http://seclists.org/fulldisclosure/2017/Nov/17
• http://www.securityfocus.com/bid/101667
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
A NULL pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a denial of service. A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS.
• http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html
• http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html
• http://rhn.redhat.com/errata/RHSA-2016-2779.html
• http://www.securityfocus.com/bid/94349
• http://www.ubuntu.com/usn/USN-3163-1
• https://bto.bluecoat.com/security-advisory/sa137
• https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
• https://security.gentoo.org/glsa
• CWE-476: NULL Pointer Dereference
CVE-2016-2783
https://notcve.org/view.php?id=CVE-2016-2783
Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.
• http://www.securityfocus.com/bid/92157
• https://packetstormsecurity.com/files/138082/Avaya-VOSS-4.1.0.0-SPB-Traffic-Traversal.html
• CWE-19: Data Processing Errors
CVE-2011-5096
https://notcve.org/view.php?id=CVE-2011-5096
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet.
• http://zerodayinitiative.com/advisories/ZDI-11-260
• https://downloads.avaya.com/css/P8/documents/100146108
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer