Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aura vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-3722
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and previous versions.
Avaya Aura Device Services
9.8
CVSSv3
CVE-2018-15616
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 up to and including 6.3.9 ...
Avaya Avaya Aura System Platform
9.8
CVSSv3
CVE-2017-5358
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote malicious users to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.
Easycom-aura Easycom For Php 4.0.0.29
1 EDB exploit
8.8
CVSSv3
CVE-2022-4439
Use after free in Aura in Google Chrome on Windows before 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)
Google Chrome
8.8
CVSSv3
CVE-2021-25650
A privilege escalation vulnerability exists in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
Avaya Aura Utility Services
8.8
CVSSv3
CVE-2021-30506
Incorrect security UI in Web App Installs in Google Chrome on Android before 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 34
8.8
CVSSv3
CVE-2021-30507
Inappropriate implementation in Offline in Google Chrome on Android before 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 34
8.8
CVSSv3
CVE-2021-30508
Heap buffer overflow in Media Feeds in Google Chrome before 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 34
8.8
CVSSv3
CVE-2021-30520
Use after free in Tab Strip in Google Chrome before 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 34
8.8
CVSSv3
CVE-2021-30509
Out of bounds write in Tab Strip in Google Chrome before 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »