CVE-2019-7004 – Avaya IP Office XSS Vulnerability
https://notcve.org/view.php?id=CVE-2019-7004
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el componente WebUI de IP Office Application Server, podría permitir una ejecución no autorizada de código y revelar potencialmente información confidencial. Todas las versiones del producto 11.x están afectadas. • https://www.exploit-db.com/exploits/48105 http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-11.0.0.0-Cross-Site-Scripting.html https://support.avaya.com/css/P8/documents/101062833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Denegación de servicio. A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94349 http://www.ubuntu.com/usn/USN-3163-1 https://bto.bluecoat.com/security-advisory/sa137 https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 https://security.gentoo.org/glsa • CWE-476: NULL Pointer Dereference •