CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2018-15616 – System Platform Web UI Deserialization
https://notcve.org/view.php?id=CVE-2018-15616
17 Oct 2018 — A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2. Una vulnerabilidad en el componente Web UI de Avaya Aura System Platform podría permitir que un usuario remoto no autenticado realice un ataque de deserialización dirigida que podría resultar en la ejecución remota de c... • https://downloads.avaya.com/css/P8/documents/101052865 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15611 – Communication Manager Local Administrator PrivEsc
https://notcve.org/view.php?id=CVE-2018-15611
27 Sep 2018 — A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1. Una vulnerabilidad en el componente de administración del sistema local de Avaya Aura Communication Manager puede permitir que un usuario autenticado privilegiado en el sistema local obtenga privilegios root. Las versiones afectadas incluyen las 6.3.x y to... • https://downloads.avaya.com/css/P8/documents/101052550 • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15613 – Orchestration Designer Runtime Config XSS
https://notcve.org/view.php?id=CVE-2018-15613
21 Sep 2018 — A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. Una vulnerabilidad Cross-Site Scripting (XSS) en el componente Runtime Config de Avaya Aura Orchestration Designer podría resultar en la devolución de contenido malicioso al usuario. Las versiones afectadas de Avaya Aura Orchestration Designer son t... • https://downloads.avaya.com/css/P8/documents/101052293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-6635
https://notcve.org/view.php?id=CVE-2018-6635
05 Feb 2018 — System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. System Manager en Avaya Aura en versiones anteriores a la 7.1.2 no utiliza SSL correctamente junto con la autenticación, lo que permite que los atacantes remotos omitan las restricciones RMI (Remote Method Invocation). Esto también se conoce como SMGR-26896. • http://www.securityfocus.com/bid/102940 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 104EXPL: 0CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
16 Nov 2016 — A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Deneg... • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 11%CPEs: 2EXPL: 0CVE-2011-5096
https://notcve.org/view.php?id=CVE-2011-5096
03 Jul 2012 — Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet. Desbordamiento de búfer basado en pila en cstore.exe en Media Application Server (MAS) en Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) v1.x anteriores... • http://zerodayinitiative.com/advisories/ZDI-11-260 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 45EXPL: 0CVE-2011-1229
https://notcve.org/view.php?id=CVE-2011-1229
13 Apr 2011 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." Vulneravilidad de desreferencia a puntero nulo en win32k.sys en el... • http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 3%CPEs: 26EXPL: 2CVE-2010-2943 – XFS - Deleted Inode Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-2943
30 Sep 2010 — The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. La implementación xfs en el kernel Linux, en versiones anteriores a la 2.6.35, no busca la asignación de inodes btrees antes de leer los búfer inode, lo q... • https://www.exploit-db.com/exploits/15155 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2010-2942 – kernel: net sched: fix some kernel memory leaks
https://notcve.org/view.php?id=CVE-2010-2942
21 Sep 2010 — The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sc... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2010-2798 – kernel: gfs2: rename causes kernel panic
https://notcve.org/view.php?id=CVE-2010-2798
08 Sep 2010 — The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. La función gfs2_dirent_find_space en fs/gfs2/dir.c en el kernel de Linux anterior a v 2.6.35, usa un ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203 • CWE-476: NULL Pointer Dereference •