CVE-2008-3778
https://notcve.org/view.php?id=CVE-2008-3778
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request. El interfaz remoto de gestión en SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, continua con las actualizaciones de Core router incluso con un login no válido, lo que permite a atacantes remotos provocar una denegación de servicio (corte del servicio de mensajería) o bien obtener privilegios mediante una petición de actualización. • http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm http://www.securityfocus.com/bid/30758 https://exchange.xforce.ibmcloud.com/vulnerabilities/44585 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-3777
https://notcve.org/view.php?id=CVE-2008-3777
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs. SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, escribe los nombres y contraseñas de cuenta en los logs (1) alarm y (2) system, durante los intentos fallidos de login, lo que permite a usuarios locales obtener credenciales leyendo estos logs. • http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm http://www.securityfocus.com/bid/30758 https://exchange.xforce.ibmcloud.com/vulnerabilities/44586 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-2812 – kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
https://notcve.org/view.php?id=CVE-2008-2812
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, esto permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios mediante vectores que contienen referencias a puntero NULO en los punteros a funciones en (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, y (8) wireless/strip.c en drivers/net/. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html http://l • CWE-476: NULL Pointer Dereference •
CVE-2007-1491
https://notcve.org/view.php?id=CVE-2007-1491
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. Apache Tomcat en Avaya S87XX, S8500, y S8300 versiones anteriores a CM 3.1.3, y Avaya SES permite conexiones de interfaces externas mediante el puerto 8009, que lo expone a ataques de fuentes externas. • http://secunia.com/advisories/24434 http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm http://www.osvdb.org/33346 •
CVE-2006-1058
https://notcve.org/view.php?id=CVE-2006-1058
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. BusyBox 1.1.1 no utiliza una "sal" cuando genera contraseñas, lo que facilita a usuarios locales adivinar contraseñas a partir de un fichero de contraseñas robado usando técnicas como tablas "rainbow". • http://bugs.busybox.net/view.php?id=604 http://secunia.com/advisories/19477 http://secunia.com/advisories/25098 http://secunia.com/advisories/25848 http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm http://www.redhat.com/support/errata/RHSA-2007-0244.html http://www.securityfocus.com/bid/17330 https://exchange.xforce.ibmcloud.com/vulnerabilities/25569 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483 https://access.redhat.com/secu • CWE-916: Use of Password Hash With Insufficient Computational Effort •