CVSS: 8.8EPSS: 60%CPEs: 10EXPL: 2CVE-2017-12969 – Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-12969
05 Nov 2017 — Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. Desbordamiento de búfer en el control ViewerCtrlLib.ViewerCtrl de ActiveX en Avaya IP Office Contact Center, en versiones anteriores a la 10.1.1, permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria dinámica o heap y c... • https://packetstorm.news/files/id/144882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 104EXPL: 0CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
16 Nov 2016 — A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Deneg... • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 1CVE-2012-3811 – Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-3811
28 Jun 2012 — Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. Vulnerabilidad de subida de fichero no restringido en ImageUpload.ashx en la aplicación Wallboard en Avaya IP Office Customer Call Reporter v7.0 anteriores a... • https://www.exploit-db.com/exploits/21847 •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 1CVE-2005-0506 – Avaya IP Office Phone Manager - Local Password Disclosure
https://notcve.org/view.php?id=CVE-2005-0506
22 Feb 2005 — The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. • https://www.exploit-db.com/exploits/839 •