
CVE-2008-3778
https://notcve.org/view.php?id=CVE-2008-3778
25 Aug 2008 — The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request. El interfaz remoto de gestión en SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300... • http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2008-2812 – kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
https://notcve.org/view.php?id=CVE-2008-2812
09 Jul 2008 — The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, es... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788 • CWE-476: NULL Pointer Dereference •

CVE-2008-3081
https://notcve.org/view.php?id=CVE-2008-3081
09 Jul 2008 — Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the extern... • http://osvdb.org/46587 • CWE-20: Improper Input Validation •

CVE-2007-5830
https://notcve.org/view.php?id=CVE-2007-5830
05 Nov 2007 — Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." Vulnerabilidad no especificada en la interfaz administrativa de Avaya Messaging Storage SErver (MSS) 3.1 anterior a SP1, y Message Networking (MN) 3.1, permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados rel... • http://osvdb.org/38482 • CWE-20: Improper Input Validation •

CVE-2007-5556
https://notcve.org/view.php?id=CVE-2007-5556
18 Oct 2007 — Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en Avaya VoIP Handset permite a atacantes remotos provocar una denegación de servicio (reinicio) mediante paquetes manipulados. NOTA: A ... • http://www.irmplc.com/index.php/111-Vendor-Alerts • CWE-20: Improper Input Validation •

CVE-2007-3286
https://notcve.org/view.php?id=CVE-2007-3286
19 Sep 2007 — Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en controles ActiveX en objetos COM de Avaya IP Softphone R5.2 anterior a SP3, y R6.0, permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. • http://osvdb.org/38258 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2007-3317
https://notcve.org/view.php?id=CVE-2007-3317
21 Jun 2007 — The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message. El módulo de análisis sintáctico de mensajes Session Initiation Protocol (SIP) User Access Client (UAC) en el Avaya one-X Desktop Edition 2.1.0.70 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) a través de un men... • http://osvdb.org/38113 •

CVE-2007-3318
https://notcve.org/view.php?id=CVE-2007-3318
21 Jun 2007 — Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message. Desbordamiento de búfer en el módulo de análisis sintáctico de mensajes Session Initiation Protocol (SIP) User Access Client (UAC) del Avaya one-X Desktop Edition 2.1.0.70 y versiones anteriores permite a atacantes remotos provocar una denegación de... • http://osvdb.org/38114 •

CVE-2007-3319
https://notcve.org/view.php?id=CVE-2007-3319
21 Jun 2007 — The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications. El Avaya 4602SW IP Phone (Model 4602D02A) con software empotrado (firmware) 2.2.2 y versiones anteriores no utiliza el parámetro cnonce en la cabecera de autorización de las peticiones SIP durante la autenticación ... • http://osvdb.org/38115 •

CVE-2007-3320
https://notcve.org/view.php?id=CVE-2007-3320
21 Jun 2007 — The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact. El Avaya 4602SW IP Phone (Model 4602D02A) con software empotrado (firmware) SIP 2.2.2 y versiones anteriores acepta peticiones SIP INVITE desde direcciones IP origen arbitrarias, lo que permite a atacantes remotos tener un impacto desconocido. • http://osvdb.org/38116 •