CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 0CVE-2008-5709
https://notcve.org/view.php?id=CVE-2008-5709
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components. Múltiples vulnerabilidades sin especificar en la interfaz de gestión web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a usuarios remotamente autentificados ejecutar código de su elección mediante vectores de ataque desconocidos en los componentes (1) Set Static Routes y (2) Backup History. • http://secunia.com/advisories/32204 http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm http://www.securityfocus.com/bid/31645 http://www.voipshield.com/research-details.php?id=121 http://www.voipshield.com/research-details.php?id=122 http://www.vupen.com/english/advisories/2008/2772 https://exchange.xforce.ibmcloud.com/vulnerabilities/45747 https://exchange.xforce.ibmcloud.com/vulnerabilities/45749 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2008-5710
https://notcve.org/view.php?id=CVE-2008-5710
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors. Múltiples vulnerabilidades sin especificar en la interfaz de gestión web en Avaya Communication Manager (CM) 3.1.x, 4.0.3 y 5.x permite a atacantes remotos leer (1) archivos de configuración, (2) archivos de log, (3) archivos binarios de imagen y (4) archivos de ayuda mediante vectores desconocidos. • http://secunia.com/advisories/32035 http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm http://www.securityfocus.com/bid/31639 http://www.voipshield.com/research-details.php?id=123 http://www.vupen.com/english/advisories/2008/2774 https://exchange.xforce.ibmcloud.com/vulnerabilities/45750 • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3778
https://notcve.org/view.php?id=CVE-2008-3778
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request. El interfaz remoto de gestión en SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, continua con las actualizaciones de Core router incluso con un login no válido, lo que permite a atacantes remotos provocar una denegación de servicio (corte del servicio de mensajería) o bien obtener privilegios mediante una petición de actualización. • http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm http://www.securityfocus.com/bid/30758 https://exchange.xforce.ibmcloud.com/vulnerabilities/44585 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3777
https://notcve.org/view.php?id=CVE-2008-3777
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs. SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, escribe los nombres y contraseñas de cuenta en los logs (1) alarm y (2) system, durante los intentos fallidos de login, lo que permite a usuarios locales obtener credenciales leyendo estos logs. • http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm http://www.securityfocus.com/bid/30758 https://exchange.xforce.ibmcloud.com/vulnerabilities/44586 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2008-2812 – kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
https://notcve.org/view.php?id=CVE-2008-2812
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, esto permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios mediante vectores que contienen referencias a puntero NULO en los punteros a funciones en (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, y (8) wireless/strip.c en drivers/net/. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html http://l • CWE-476: NULL Pointer Dereference •