CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-7006 – Avaya one-X Communicator Weak Encryption
https://notcve.org/view.php?id=CVE-2019-7006
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13. Avaya one-X Communicator utiliza algoritmos criptográficos débiles en el componente de autenticación del cliente que podría permitir a un atacante local descifrar información sensible. Las versiones afectadas incluyen todas las 6.2.x anteriores a la 6.2 SP13. • http://www.securityfocus.com/bid/107175 https://downloads.avaya.com/css/P8/documents/101055601 https://downloads.avaya.com/css/P8/documents/101055661 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 2%CPEs: 104EXPL: 0CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Denegación de servicio. A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94349 http://www.ubuntu.com/usn/USN-3163-1 https://bto.bluecoat.com/security-advisory/sa137 https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 https://security.gentoo.org/glsa&#x • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-6140
https://notcve.org/view.php?id=CVE-2008-6140
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors. Vulnerabilidad no especificada en el protocolo de inicio de sesión (SIP) implementado en Avaya one-X Desktop Edition v2.1.0.78 permite a atacantes remotos provocar una denegación de servicio (caída) mediante vectores no especificados. • http://secunia.com/advisories/32205 http://support.avaya.com/elmodocs2/security/ASA-2008-370.htm http://www.securityfocus.com/bid/31636 http://www.voipshield.com/research-details.php?id=124 https://exchange.xforce.ibmcloud.com/vulnerabilities/45748 •
CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 0CVE-2007-3318
https://notcve.org/view.php?id=CVE-2007-3318
Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message. Desbordamiento de búfer en el módulo de análisis sintáctico de mensajes Session Initiation Protocol (SIP) User Access Client (UAC) del Avaya one-X Desktop Edition 2.1.0.70 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (apagón de la recepción de llamadas) mediante un mensaje SIP mal formado. • http://osvdb.org/38114 http://secunia.com/advisories/25727 http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm http://www.securityfocus.com/bid/24530 http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=295& https://exchange.xforce.ibmcloud.com/vulnerabilities/34952 https://exchange.xforce.ibmcloud.com/vulnerabilities/35072 •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3317
https://notcve.org/view.php?id=CVE-2007-3317
The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message. El módulo de análisis sintáctico de mensajes Session Initiation Protocol (SIP) User Access Client (UAC) en el Avaya one-X Desktop Edition 2.1.0.70 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) a través de un mensaje SIP mal formado. • http://osvdb.org/38113 http://secunia.com/advisories/25727 http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm http://www.securityfocus.com/bid/24541 http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=296& https://exchange.xforce.ibmcloud.com/vulnerabilities/34952 •