Avaya Messaging Storage Server vulnerabilities

5 known vulnerabilities affecting avaya/messaging_storage_server.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2009-0115HIGHCVSS 7.8v3.0v4.0+1 more2009-03-30
CVE-2009-0115 [HIGH] CWE-732 CVE-2009-0115: The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as use The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath
nvd
CVE-2008-2812HIGHCVSS 7.8v4.02008-07-09
CVE-2008-2812 [HIGH] CWE-476 CVE-2008-2812: The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.
nvd
CVE-2008-3081MEDIUMCVSS 6.5v3v3.1+1 more2008-07-09
CVE-2008-3081 [MEDIUM] CWE-20 CVE-2008-3081: Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messagi Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store c
nvd
CVE-2007-5830HIGHCVSS 7.8v3.12007-11-05
CVE-2007-5830 [HIGH] CWE-20 CVE-2007-5830: Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3. Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
nvd
CVE-2006-1058MEDIUMCVSS 5.5≥ 3.0, < 4.02006-04-04
CVE-2006-1058 [MEDIUM] CWE-916 CVE-2006-1058: BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users t BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
nvd