Search Results (139 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1259 1 Avaya 1 Argent Office 2026-04-16 N/A
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
CVE-2001-1260 1 Avaya 1 Argent Office 2026-04-16 N/A
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
CVE-2001-1262 1 Avaya 1 Argent Office 2026-04-16 N/A
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
CVE-2001-1261 1 Avaya 1 Argent Office 2026-04-16 N/A
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
CVE-2002-0175 1 Avaya 1 Libsafe 2026-04-16 N/A
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.
CVE-2004-0079 23 4d, Apple, Avaya and 20 more 67 Webstar, Mac Os X, Mac Os X Server and 64 more 2026-04-16 7.5 High
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2004-0493 6 Apache, Avaya, Gentoo and 3 more 9 Http Server, Converged Communications Server, S8300 and 6 more 2026-04-16 N/A
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
CVE-2004-1082 8 Apache, Apple, Avaya and 5 more 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more 2026-04-16 N/A
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
CVE-2004-0215 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2026-04-16 N/A
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
CVE-2002-0176 1 Avaya 1 Libsafe 2026-04-16 N/A
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
CVE-2005-4471 1 Avaya 1 Modular Messaging Message Storage Server 2026-04-16 N/A
POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
CVE-2006-0718 1 Avaya 5 Csu 5000, Vsu 100, Vsu 10000 and 2 more 2026-04-16 N/A
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2005-2762 1 Avaya 1 Vpnremote 2026-04-16 N/A
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
CVE-2004-0842 2 Avaya, Microsoft 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more 2026-04-16 N/A
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
CVE-2025-49186 2 Avaya, Sick 6 Media Server, Baggage Analytics, Field Analytics and 3 more 2026-02-03 5.3 Medium
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
CVE-2024-7480 1 Avaya 1 Aura System Manager 2025-10-01 4.2 Medium
An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
CVE-2024-4196 1 Avaya 1 Ip Office 2025-10-01 10 Critical
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.
CVE-2024-12756 1 Avaya 1 Spaces 2025-10-01 7.3 High
An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.
CVE-2025-1041 1 Avaya 1 Call Management System 2025-07-30 9.9 Critical
An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
CVE-2024-12755 1 Avaya 1 Spaces 2025-07-29 7.9 High
A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information.