
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

18 Dec 2020 — The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. • https://www.mitel.com/support/security-advisories

CVSS: 4.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

18 Dec 2020 — The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information. • https://www.mitel.com/support/security-advisories

CVSS: 5.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Aug 2020 — The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information. • https://www.mitel.com/support/security-advisories

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Aug 2020 — The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information. • https://www.mitel.com/support/security-advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 Mar 2020 — A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

12 Nov 2019 — A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands. • https://www.mitel.com/support/security-advisories • CWE-863: Incorrect Authorization

CVSS: 10.0 | EPSS: 0% | CPEs: 8 | EXPL: 0

29 May 2019 — MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands. • https://www.mitel.com/-/media/mitel/pdf/content-entry-pdf/en-security-bulletin-17-0010-004.pdf

CVSS: 7.5 | EPSS: 97% | CPEs: 54 | EXPL: 83

07 Apr 2014 — The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. • https://packetstorm.news/files/id/180746 • CWE-125: Out-of-bounds Read • CWE-201: Insertion of Sensitive Information Into Sent Data