Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avaya aura vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-3722
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and previous versions.
Avaya Aura Device Services
9.8
CVSSv3
CVE-2018-15616
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 up to and including 6.3.9 ...
Avaya Avaya Aura System Platform
8.8
CVSSv3
CVE-2021-25650
A privilege escalation vulnerability exists in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
Avaya Aura Utility Services
8.8
CVSSv3
CVE-2020-7029
A Cross-Site Request Forgery (CSRF) vulnerability exists in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote malicious user to perform Web administration actions wi...
Avaya Aura Messaging 7.1
Avaya Aura Messaging
Avaya Aura Communication Manager
8.8
CVSSv3
CVE-2018-15612
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an malicious user to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
Avaya Orchestration Designer
8.6
CVSSv3
CVE-2019-7007
A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and previous versions. Successful exploitation could potentially allow an unauthenticated malicious user to access files that are outside the restricted directory on the rem...
Avaya Aura Conferencing
8.1
CVSSv3
CVE-2010-2943
The xfs implementation in the Linux kernel prior to 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but wer...
Linux Linux Kernel
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 9.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 6.06
Vmware Esx 4.1
Vmware Esx 4.0
Avaya Aura System Manager 6.0
Avaya Aura System Manager 5.2
Avaya Aura Communication Manager 5.2
Avaya Aura System Platform 1.1
Avaya Aura System Platform 6.0
Avaya Aura System Manager 6.1
Avaya Aura System Manager 6.1.1
Avaya Aura Session Manager 1.1
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 6.0
Avaya Aura Presence Services 6.1
Avaya Aura Presence Services 6.1.1
Avaya Aura Presence Services 6.0
Avaya Iq 5.1
Avaya Iq 5.0
1 EDB exploit
7.8
CVSSv3
CVE-2021-25654
An arbitrary code execution vulnerability exists in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 up to and including 8.1.4.0 versions of Avaya Aura Device Services.
Avaya Aura Device Services
7.8
CVSSv3
CVE-2021-25651
A privilege escalation vulnerability exists in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services
Avaya Aura Utility Services
7.8
CVSSv3
CVE-2021-25653
A privilege escalation vulnerability exists in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 up to and including 8.1.3.1 versions of AVPU.
Avaya Aura Appliance Virtualization Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »