Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avaya vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3722
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and previous versions.
Avaya Aura Device Services
641
VMScore
CVE-2018-15611
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version before 7.1.3.1.
Avaya Aura Communication Manager
NA
CVE-2023-7031
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, before 8.1.2 patch 0402. Versions before...
Avaya Aura Experience Portal
187
VMScore
CVE-2021-25649
An information disclosure vulnerability exists in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged u...
Avaya Aura Utility Services
409
VMScore
CVE-2021-25651
A privilege escalation vulnerability exists in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services
Avaya Aura Utility Services
409
VMScore
CVE-2021-25650
A privilege escalation vulnerability exists in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
Avaya Aura Utility Services
409
VMScore
CVE-2021-25654
An arbitrary code execution vulnerability exists in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 up to and including 8.1.4.0 versions of Avaya Aura Device Services.
Avaya Aura Device Services
445
VMScore
CVE-2007-3320
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and previous versions SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote malicious users to have an unspecified impact.
Avaya 4602sw Ip Phone
445
VMScore
CVE-2007-3321
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and previous versions SIP firmware allows remote malicious users to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).
Avaya 4602sw Ip Phone
445
VMScore
CVE-2007-3322
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and previous versions SIP firmware uses a constant media port number for calls, which allows remote malicious users to cause a denial of service (audio quality loss) via a flood of packets to the RTP port.
Avaya 4602sw Ip Phone
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »