CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0CVE-2024-35314
https://notcve.org/view.php?id=CVE-2024-35314
21 Oct 2024 — A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary scripts. A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticate... • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0015 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.6EPSS: 1%CPEs: 2EXPL: 1CVE-2024-35315
https://notcve.org/view.php?id=CVE-2024-35315
21 Oct 2024 — A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges. • https://github.com/ewilded/CVE-2024-35315-POC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2024-41714
https://notcve.org/view.php?id=CVE-2024-41714
21 Oct 2024 — A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0021 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31784
https://notcve.org/view.php?id=CVE-2022-31784
17 Jun 2022 — A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution. Una vulnerabilidad en la interfaz de administración de MiVoice Business versiones hasta 9.3 PR1 y MiVoice Business Express versiones hasta 8.0 S... • https://www.mitel.com/support/security-advisories • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 59%CPEs: 4EXPL: 1CVE-2022-26143 – MiCollab, MiVoice Business Express Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2022-26143
09 Mar 2022 — The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. El componente TP-240 (también conocido como tp240dvr) en Mitel MiCollab versiones anteriores a 9.4 SP1 FP1 y MiVoice Business Express versiones hasta 8.1, permi... • https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-18819
https://notcve.org/view.php?id=CVE-2018-18819
12 Nov 2019 — A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands. Una vulnerabilidad en el componente de chat de conferencia web de MiCollab... • https://www.mitel.com/support/security-advisories • CWE-863: Incorrect Authorization •
CVSS: 5.6EPSS: 46%CPEs: 665EXPL: 7CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
21 May 2018 — Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas l... • https://packetstorm.news/files/id/147839 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •