CVE-2018-15617 – Communication Manager Denial of Service
https://notcve.org/view.php?id=CVE-2018-15617
A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. Una vulnerabilidad en el componente del proceso "capro" (Call Processor, procesador de llamadas) de Avaya Aura Communication Manager podría permitir a un usuario remoto no autenticado provocar una denegación de servicio (DoS). Las versiones afectadas incluyen las 6.3.x, las 7.x anteriores a la 7.1.3.2 y las 8.x anteriores a la 8.0.1. • http://www.securityfocus.com/bid/106826 https://downloads.avaya.com/css/P8/documents/101055396 • CWE-399: Resource Management Errors •
CVE-2018-15611 – Communication Manager Local Administrator PrivEsc
https://notcve.org/view.php?id=CVE-2018-15611
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1. Una vulnerabilidad en el componente de administración del sistema local de Avaya Aura Communication Manager puede permitir que un usuario autenticado privilegiado en el sistema local obtenga privilegios root. Las versiones afectadas incluyen las 6.3.x y todas las versiones 7.x anteriores a la 7.1.3.1. • https://downloads.avaya.com/css/P8/documents/101052550 • CWE-284: Improper Access Control •
CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Denegación de servicio. A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94349 http://www.ubuntu.com/usn/USN-3163-1 https://bto.bluecoat.com/security-advisory/sa137 https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 https://security.gentoo.org/glsa • CWE-476: NULL Pointer Dereference •