Avaya: >> Ip Office >> 8.1 Security Vulnerabilities
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.
CVSS Score
9.9
EPSS Score
0.005
Published
2024-06-25
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.
CVSS Score
10.0
EPSS Score
0.007
Published
2024-06-25
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-02
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-11-15
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
CVSS Score
9.6
EPSS Score
0.286
Published
2017-11-10