CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4197 – Avaya IP Office One-X Portal File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2024-4197
25 Jun 2024 — An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. • https://download.avaya.com/css/public/documents/101090768 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4196 – Avaya IP Office Web Control RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-4196
25 Jun 2024 — An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1. • https://download.avaya.com/css/public/documents/101090768 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-25657 – Avaya IP Office Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25657
02 Sep 2022 — A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya IP Office Admin Lite y USB Creator que podría permitir a un usuario local escalar privilegios. Este problema afecta a Admin Lite y USB Creator versión 11.1 Feature Pack 2 Servi... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7005 – Unauthenticated Information Disclosure Vulnerability in IP Office
https://notcve.org/view.php?id=CVE-2019-7005
07 Aug 2020 — A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. Se detectó una vulnerabilidad en el componente de la interfaz web de IP Office que puede permitir potencialmente a un usuario remoto no autenticado con acceso a la red conseguir información confidencial. Las versiones afectadas de IP ... • https://downloads.avaya.com/css/P8/documents/101070158 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 2CVE-2020-7030 – IPO Information Disclosure
https://notcve.org/view.php?id=CVE-2020-7030
03 Jun 2020 — A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3. Se detectó una vulnerabilidad de divulgación de información confidencial en el componente web interface de IP Office, que puede permitir potencialmente a un usuario local conseguir acceso no autorizado al componente. Las vers... • https://packetstorm.news/files/id/157957 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-15614 – IP Office one-X Portal XSS
https://notcve.org/view.php?id=CVE-2018-15614
23 Jan 2019 — A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1. Una vulnerabilidad en el componente one-x Portal de IP Office podría permitir que un usuario autenticado realice ataques de Cross-Site Scripting (XSS) persistente mediante cambios en e... • https://downloads.avaya.com/css/P8/documents/101054317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 24EXPL: 1CVE-2018-15610 – Improper access controls in IP Office one-X Portal
https://notcve.org/view.php?id=CVE-2018-15610
10 Sep 2018 — A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. Una vulnerabilidad en el componente one-X Portal de Avaya IP Office permite que un atacante autenticado lea y elimine archivos arbitrarios en el sistema. Las versiones afectadas de Avaya IP Office incluyen desde la 9.1 hasta la 9.1 SP12, desde la ... • https://packetstorm.news/files/id/149284 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •
CVSS: 9.6EPSS: 29%CPEs: 1EXPL: 3CVE-2017-11309 – Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2017-11309
05 Nov 2017 — Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. Desbordamiento de búfer en el cliente de SoftConsole en Avaya IP Office en versiones anteriores a la 10.1.1 permite que servidores remotos ejecuten código arbitrario mediante una respuesta larga. Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from a soft console remote buffer overflow vulnerability. • https://packetstorm.news/files/id/144883 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 7%CPEs: 10EXPL: 2CVE-2017-12969 – Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-12969
05 Nov 2017 — Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. Desbordamiento de búfer en el control ViewerCtrlLib.ViewerCtrl de ActiveX en Avaya IP Office Contact Center, en versiones anteriores a la 10.1.1, permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria dinámica o heap y c... • https://packetstorm.news/files/id/144882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 104EXPL: 0CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
16 Nov 2016 — A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Deneg... • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html • CWE-476: NULL Pointer Dereference •