Avaya Aura Communication Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Avaya Aura Communication Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2010-2943 — CVSS 8.1 (high): The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which…
CVE-2010-2492 — CVSS 7.8 (high): Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might…
CVE-2010-2798 — CVSS 7.8 (high): The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations…
CVE-2022-2249 — CVSS 7.7 (high): Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users…
CVE-2016-5285 — CVSS 7.5 (high): A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey /…
CVE-2009-3939 — CVSS 7.1 (high): The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows…
CVE-2018-15617 — CVSS 6.5 (medium): A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated…
CVE-2020-7029 — CVSS 6.4 (medium): A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura…
CVE-2018-15611 — CVSS 6.3 (medium): A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged…
CVE-2010-2942 — CVSS 5.5 (medium): The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain…