Avaya Message Networking vulnerabilities

CVE-2016-5285 [HIGH] CWE-476 CVE-2016-5285: A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missin A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

CVE-2009-0115 [HIGH] CWE-732 CVE-2009-0115: The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as use The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath

CVE-2008-2812 [HIGH] CWE-476 CVE-2008-2812: The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.

CVE-2007-5830 [HIGH] CWE-20 CVE-2007-5830: Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3. Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."