
CVE-2019-19607
https://notcve.org/view.php?id=CVE-2019-19607
02 Mar 2020 — A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. • https://www.mitel.com/support/security-advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-19371
https://notcve.org/view.php?id=CVE-2019-19371
02 Mar 2020 — A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-19370
https://notcve.org/view.php?id=CVE-2019-19370
02 Mar 2020 — A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-18819
https://notcve.org/view.php?id=CVE-2018-18819
12 Nov 2019 — A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands. • https://www.mitel.com/support/security-advisories • CWE-863: Incorrect Authorization

CVE-2019-12165
https://notcve.org/view.php?id=CVE-2019-12165
29 May 2019 — MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands. • https://www.mitel.com/-/media/mitel/pdf/content-entry-pdf/en-security-bulletin-17-0010-004.pdf

CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
21 May 2018 — Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. • https://packetstorm.news/files/id/147839 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-203: Observable Discrepancy

CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0160
07 Apr 2014 — The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. • https://packetstorm.news/files/id/180746 • CWE-125: Out-of-bounds Read • CWE-201: Insertion of Sensitive Information Into Sent Data