← Back

Avaya

avaya

139 CVEs • 158 products

Products (158)

Click to collapse
Toggle
Communication Manager
communication_manager
16 CVEs
Modular Messaging Message Storage Server
modular_messaging_message_storage_server
15 CVEs
S8300
s8300
11 CVEs
S8500
s8500
11 CVEs
S8700
s8700
11 CVEs
Converged Communications Server
converged_communications_server
10 CVEs
Definity One Media Server
definity_one_media_server
10 CVEs
S8100
s8100
10 CVEs
Aura Communication Manager
aura_communication_manager
10 CVEs
Ip600 Media Servers
ip600_media_servers
9 CVEs
Aura System Manager
aura_system_manager
9 CVEs
Ip Office
ip_office
9 CVEs
Sip Enablement Services
sip_enablement_services
8 CVEs
Intuity Audix
intuity_audix
7 CVEs
Message Networking
message_networking
6 CVEs
Messaging Storage Server
messaging_storage_server
6 CVEs
S3400
s3400
6 CVEs
Aura Session Manager
aura_session_manager
6 CVEs
Aura System Platform
aura_system_platform
5 CVEs
Iq
iq
5 CVEs
Argent Office
argent_office
4 CVEs
Intuity Audix Lx
intuity_audix_lx
4 CVEs
Mn100
mn100
4 CVEs
Aura Application Enablement Services
aura_application_enablement_services
4 CVEs
4602sw Ip Phone
4602sw_ip_phone
4 CVEs
Aura Presence Services
aura_presence_services
4 CVEs
Aura Experience Portal
aura_experience_portal
4 CVEs
Aura Utility Services
aura_utility_services
4 CVEs
Cvlan
cvlan
3 CVEs
Libsafe
libsafe
3 CVEs
Network Routing
network_routing
3 CVEs
Integrated Management
integrated_management
3 CVEs
Sg200
sg200
3 CVEs
Sg203
sg203
3 CVEs
Sg208
sg208
3 CVEs
Sg5
sg5
3 CVEs
Vsu
vsu
3 CVEs
Ip Soft Phone
ip_soft_phone
3 CVEs
S8710
s8710
3 CVEs
One X
one-x
3 CVEs
Meeting Exchange
meeting_exchange
3 CVEs
Voice Portal
voice_portal
3 CVEs
Aura Conferencing
aura_conferencing
3 CVEs
Call Management System
call_management_system
3 CVEs
Equinox Conferencing
equinox_conferencing
3 CVEs
Ix Workforce Engagement
ix_workforce_engagement
3 CVEs
Interactive Response
interactive_response
2 CVEs
Call Management System Server
call_management_system_server
2 CVEs
Aura Sip Enablement Services
aura_sip_enablement_services
2 CVEs
Media Server
media_server
2 CVEs
Proactive Contact
proactive_contact
2 CVEs
Aura Voice Portal
aura_voice_portal
2 CVEs
Aura Application Server 5300
aura_application_server_5300
2 CVEs
Ip Office Contact Center
ip_office_contact_center
2 CVEs
Aura Orchestration Designer
aura_orchestration_designer
2 CVEs
Aura Messaging
aura_messaging
2 CVEs
Aura Appliance Virtualization Platform
aura_appliance_virtualization_platform
2 CVEs
Aura Device Services
aura_device_services
2 CVEs
Spaces
spaces
2 CVEs
Integrated Management Suit
integrated_management_suit
1 CVE
Intuity Lx
intuity_lx
1 CVE
Cajun M770 Atm
cajun_m770-atm
1 CVE
Cajun P130
cajun_p130
1 CVE
Cajun P330
cajun_p330
1 CVE
Cajun P550
cajun_p550
1 CVE
Cajun P550r
cajun_p550r
1 CVE
Cajun P580
cajun_p580
1 CVE
Cajun P880
cajun_p880
1 CVE
Cajun P882
cajun_p882
1 CVE
Predictive Dialer System
predictive_dialer_system
1 CVE
Ip Office Phone Manager
ip_office_phone_manager
1 CVE
Tn2602ap Ip Media Resource 320 Circuit Pack
tn2602ap_ip_media_resource_320_circuit_pack
1 CVE
Wireless Ap 3
wireless_ap-3
1 CVE
Wireless Ap 4
wireless_ap-4
1 CVE
Wireless Ap 5
wireless_ap-5
1 CVE
Wireless Ap 6
wireless_ap-6
1 CVE
Wireless Ap 7
wireless_ap-7
1 CVE
Wireless Ap 8
wireless_ap-8
1 CVE
Vpnremote
vpnremote
1 CVE
Vsu 100
vsu_100
1 CVE
Vsu 10000
vsu_10000
1 CVE
Vsu 2000
vsu_2000
1 CVE
Vsu 7500
vsu_7500
1 CVE
Csu 5000
csu_5000
1 CVE
Voip Handset
voip_handset
1 CVE
Expanded Meet Me Conferencing
expanded_meet-me_conferencing
1 CVE
Broadcast Server
broadcast_server
1 CVE
Agent Access
agent_access
1 CVE
Aura Conferencing Standard Edition
aura_conferencing_standard_edition
1 CVE
Basic Call Management System Reporting Desktop
basic_call_management_system_reporting_desktop
1 CVE
Call Management Server Supervisor
call_management_server_supervisor
1 CVE
Callpilot
callpilot
1 CVE
Callvisor Asai Lan
callvisor_asai_lan
1 CVE
Communication Server 1000 Telephony Manager
communication_server_1000_telephony_manager
1 CVE
Computer Telephony
computer_telephony
1 CVE
Contact Center Express
contact_center_express
1 CVE
Customer Interaction Express
customer_interaction_express
1 CVE
Enterprise Manager
enterprise_manager
1 CVE
Interaction Center
interaction_center
1 CVE
Ip Agent
ip_agent
1 CVE

CVEs (139)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2006-0718
1Avaya
5Csu 5000
Vsu 100Vsu 10000+2 more
Apr 16, 2026
Feb 15, 2006
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as d...Show more
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.Show less
CVE-2005-2762
1Avaya
1Vpnremote
Apr 16, 2026
Dec 31, 2005
N/A· v4
N/A· v3
2.1 LOW· v2
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
CVE-2005-4471
1Avaya
1Modular Messaging Message Storage Server
Apr 16, 2026
Dec 22, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
CVE-2005-3253
2Avaya
Proxim
10Ap 2000
Ap 4000Ap 600+7 more
Apr 16, 2026
Dec 16, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and be...Show more
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication.Show less
CVE-2005-3989
1Avaya
1Tn2602ap Ip Media Resource 320 Circuit Pack
Apr 16, 2026
Dec 4, 2005
N/A· v4
N/A· v3
7.8 HIGH· v2
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets.
CVE-2005-1125
1Avaya
1Libsafe
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.1 MEDIUM· v2
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is complete...Show more
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.Show less
CVE-2005-0003
4Avaya
LinuxMandrakesoft+1 more
15Converged Communications Server
Enterprise LinuxEnterprise Linux Desktop+12 more
Apr 16, 2026
Apr 14, 2005
N/A· v4
N/A· v3
2.1 LOW· v2
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (...Show more
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.Show less
CVE-2004-1235
7Avaya
ConectivaLinux+4 more
20Converged Communications Server
Enterprise LinuxEnterprise Linux Desktop+17 more
Apr 16, 2026
Apr 14, 2005
N/A· v4
N/A· v3
6.2 MEDIUM· v2
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA d...Show more
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.Show less
CVE-2005-0506
1Avaya
2Ip Office Phone Manager
Ip Soft Phone
Apr 16, 2026
Mar 14, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impe...Show more
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.Show less
CVE-2004-1050
2Avaya
Microsoft
7Definity One Media Server
IeInternet Explorer+4 more
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
10.0 HIGH· v2
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the manglem...Show more
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."Show less
CVE-2004-0842
2Avaya
Microsoft
7Definity One Media Server
IeInternet Explorer+4 more
Apr 16, 2026
Dec 23, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elem...Show more
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Show less
CVE-2004-0841
2Avaya
Microsoft
7Definity One Media Server
IeInternet Explorer+4 more
Apr 16, 2026
Dec 23, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Ima...Show more
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Show less
CVE-2004-1307
10Apple
AvayaConectiva+7 more
19Call Management System Server
CvlanIcontrol Service Manager+16 more
Apr 16, 2026
Dec 21, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which cau...Show more
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.Show less
CVE-2004-0494
2Avaya
Redhat
4Cvlan
Enterprise LinuxEnterprise Linux Desktop+1 more
Apr 16, 2026
Nov 23, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.
CVE-2004-0112
244d
AppleAvaya+21 more
65Aaa Server
Access RegistrarApache Based Web Server+62 more
Apr 16, 2026
Nov 23, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a de...Show more
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.Show less
CVE-2004-0081
234d
AppleAvaya+20 more
66Aaa Server
Access RegistrarApache Based Web Server+63 more
Apr 16, 2026
Nov 23, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2004-0079
234d
AppleAvaya+20 more
66Aaa Server
Access RegistrarApache Based Web Server+63 more
Apr 16, 2026
Nov 23, 2004
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2004-0800
2Avaya
Sun
4Call Management System Server
DtmailSolaris+1 more
Apr 16, 2026
Aug 24, 2004
N/A· v4
N/A· v3
4.6 MEDIUM· v2
Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.
CVE-2004-0839
3Avaya
MicrosoftNortel
18Definity One Media Server
IeInternet Explorer+15 more
Apr 16, 2026
Aug 18, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, a...Show more
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Show less
CVE-2004-0554
6Avaya
ConectivaGentoo+3 more
18Converged Communications Server
Enterprise LinuxIntuity Audix+15 more
Apr 16, 2026
Aug 6, 2004
N/A· v4
N/A· v3
2.1 LOW· v2
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions,...Show more
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.Show less