Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for aura_utility_services by avaya

    CVE-2021-25651 (GCVE-0-2021-25651)

    Vulnerability from nvd – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11 Unsupported When Assigned
    VLAI
    Title
    Avaya Aura Utility Services Privilege Escalation Vulnerability
    Summary
    A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Utility Services Affected: 7.0.0.0 , ≤ 7.1.3.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.avaya.com/css/P8/documents/101072728"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Utility Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.8",
                  "status": "affected",
                  "version": "7.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-24T08:55:26.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.avaya.com/css/P8/documents/101072728"
            }
          ],
          "source": {
            "advisory": "N/A",
            "defect": [
              "PSST-1147"
            ],
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Avaya Aura Utility Services Privilege Escalation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securityalerts@avaya.com",
              "ID": "CVE-2021-25651",
              "STATE": "PUBLIC",
              "TITLE": "Avaya Aura Utility Services Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avaya Aura Utility Services",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "7.0.0.0",
                                "version_value": "7.1.3.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Avaya"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-250"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.avaya.com/css/P8/documents/101072728",
                  "refsource": "MISC",
                  "url": "https://support.avaya.com/css/P8/documents/101072728"
                }
              ]
            },
            "source": {
              "advisory": "N/A",
              "defect": [
                "PSST-1147"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2021-25651",
        "datePublished": "2021-06-24T08:55:26.000Z",
        "dateReserved": "2021-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:11:27.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25650 (GCVE-0-2021-25650)

    Vulnerability from nvd – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11 Unsupported When Assigned
    VLAI
    Title
    Avaya Aura Utility Services Privilege Escalation Vulnerability
    Summary
    A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Utility Services Affected: 7.0.0.0 , ≤ 7.1.3.8 (custom)
    Create a notification for this product.
    avaya aura_utility_services Affected: 7.0.0.0 , ≤ 7.1.3.8 (custom)
        cpe:2.3:a:avaya:aura_utility_services:7.0.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:avaya:aura_utility_services:7.0.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aura_utility_services",
                "vendor": "avaya",
                "versions": [
                  {
                    "lessThanOrEqual": "7.1.3.8",
                    "status": "affected",
                    "version": "7.0.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25650",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T16:17:00.498669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T16:19:40.713Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.avaya.com/css/P8/documents/101072728"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Utility Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.8",
                  "status": "affected",
                  "version": "7.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-24T08:55:25.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.avaya.com/css/P8/documents/101072728"
            }
          ],
          "source": {
            "advisory": "N/A",
            "defect": [
              "PSST-1147"
            ],
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Avaya Aura Utility Services Privilege Escalation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securityalerts@avaya.com",
              "ID": "CVE-2021-25650",
              "STATE": "PUBLIC",
              "TITLE": "Avaya Aura Utility Services Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avaya Aura Utility Services",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "7.0.0.0",
                                "version_value": "7.1.3.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Avaya"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-250"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.avaya.com/css/P8/documents/101072728",
                  "refsource": "MISC",
                  "url": "https://support.avaya.com/css/P8/documents/101072728"
                }
              ]
            },
            "source": {
              "advisory": "N/A",
              "defect": [
                "PSST-1147"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2021-25650",
        "datePublished": "2021-06-24T08:55:25.000Z",
        "dateReserved": "2021-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:11:27.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25649 (GCVE-0-2021-25649)

    Vulnerability from nvd – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11 Unsupported When Assigned
    VLAI
    Title
    Avaya Utility Services Sensitive Information Disclosure Vulnerability
    Summary
    An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Utility Services Affected: 7.0.0.0 , ≤ 7.1.3.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25649",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T17:57:50.988184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:35.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.avaya.com/css/P8/documents/101072728"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Utility Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.8",
                  "status": "affected",
                  "version": "7.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200\nCWE-378",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-24T08:55:23.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.avaya.com/css/P8/documents/101072728"
            }
          ],
          "source": {
            "advisory": "N/A",
            "defect": [
              "PSST-1147"
            ],
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Avaya Utility Services Sensitive Information Disclosure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securityalerts@avaya.com",
              "ID": "CVE-2021-25649",
              "STATE": "PUBLIC",
              "TITLE": "Avaya Utility Services Sensitive Information Disclosure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avaya Aura Utility Services",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "7.0.0.0",
                                "version_value": "7.1.3.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Avaya"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200\nCWE-378"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.avaya.com/css/P8/documents/101072728",
                  "refsource": "MISC",
                  "url": "https://support.avaya.com/css/P8/documents/101072728"
                }
              ]
            },
            "source": {
              "advisory": "N/A",
              "defect": [
                "PSST-1147"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2021-25649",
        "datePublished": "2021-06-24T08:55:23.000Z",
        "dateReserved": "2021-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:11:27.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5285 (GCVE-0-2016-5285)

    Vulnerability from nvd – Published: 2019-11-15 15:44 – Updated: 2024-08-06 00:53
    VLAI
    Summary
    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • denial of service
    Assigner
    Impacted products
    Date Public
    2016-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:53:48.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94349"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3163-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa137"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Services",
              "vendor": "Mozilla",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.24"
                }
              ]
            }
          ],
          "datePublic": "2016-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T19:53:19.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/94349"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3163-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa137"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-5285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Services",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
                },
                {
                  "name": "http://www.securityfocus.com/bid/94349",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/94349"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
                },
                {
                  "name": "https://security.gentoo.org/glsa/201701-46",
                  "refsource": "MISC",
                  "url": "https://security.gentoo.org/glsa/201701-46"
                },
                {
                  "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
                  "refsource": "MISC",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
                },
                {
                  "name": "http://www.ubuntu.com/usn/USN-3163-1",
                  "refsource": "MISC",
                  "url": "http://www.ubuntu.com/usn/USN-3163-1"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa137",
                  "refsource": "MISC",
                  "url": "https://bto.bluecoat.com/security-advisory/sa137"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-5285",
        "datePublished": "2019-11-15T15:44:05.000Z",
        "dateReserved": "2016-06-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:53:48.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25651 (GCVE-0-2021-25651)

    Vulnerability from cvelistv5 – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11 Unsupported When Assigned
    VLAI
    Title
    Avaya Aura Utility Services Privilege Escalation Vulnerability
    Summary
    A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Utility Services Affected: 7.0.0.0 , ≤ 7.1.3.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.avaya.com/css/P8/documents/101072728"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Utility Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.8",
                  "status": "affected",
                  "version": "7.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-24T08:55:26.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.avaya.com/css/P8/documents/101072728"
            }
          ],
          "source": {
            "advisory": "N/A",
            "defect": [
              "PSST-1147"
            ],
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Avaya Aura Utility Services Privilege Escalation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securityalerts@avaya.com",
              "ID": "CVE-2021-25651",
              "STATE": "PUBLIC",
              "TITLE": "Avaya Aura Utility Services Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avaya Aura Utility Services",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "7.0.0.0",
                                "version_value": "7.1.3.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Avaya"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-250"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.avaya.com/css/P8/documents/101072728",
                  "refsource": "MISC",
                  "url": "https://support.avaya.com/css/P8/documents/101072728"
                }
              ]
            },
            "source": {
              "advisory": "N/A",
              "defect": [
                "PSST-1147"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2021-25651",
        "datePublished": "2021-06-24T08:55:26.000Z",
        "dateReserved": "2021-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:11:27.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25650 (GCVE-0-2021-25650)

    Vulnerability from cvelistv5 – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11 Unsupported When Assigned
    VLAI
    Title
    Avaya Aura Utility Services Privilege Escalation Vulnerability
    Summary
    A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Utility Services Affected: 7.0.0.0 , ≤ 7.1.3.8 (custom)
    Create a notification for this product.
    avaya aura_utility_services Affected: 7.0.0.0 , ≤ 7.1.3.8 (custom)
        cpe:2.3:a:avaya:aura_utility_services:7.0.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:avaya:aura_utility_services:7.0.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aura_utility_services",
                "vendor": "avaya",
                "versions": [
                  {
                    "lessThanOrEqual": "7.1.3.8",
                    "status": "affected",
                    "version": "7.0.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25650",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T16:17:00.498669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T16:19:40.713Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.avaya.com/css/P8/documents/101072728"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Utility Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.8",
                  "status": "affected",
                  "version": "7.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-24T08:55:25.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.avaya.com/css/P8/documents/101072728"
            }
          ],
          "source": {
            "advisory": "N/A",
            "defect": [
              "PSST-1147"
            ],
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Avaya Aura Utility Services Privilege Escalation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securityalerts@avaya.com",
              "ID": "CVE-2021-25650",
              "STATE": "PUBLIC",
              "TITLE": "Avaya Aura Utility Services Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avaya Aura Utility Services",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "7.0.0.0",
                                "version_value": "7.1.3.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Avaya"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-250"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.avaya.com/css/P8/documents/101072728",
                  "refsource": "MISC",
                  "url": "https://support.avaya.com/css/P8/documents/101072728"
                }
              ]
            },
            "source": {
              "advisory": "N/A",
              "defect": [
                "PSST-1147"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2021-25650",
        "datePublished": "2021-06-24T08:55:25.000Z",
        "dateReserved": "2021-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:11:27.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25649 (GCVE-0-2021-25649)

    Vulnerability from cvelistv5 – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11 Unsupported When Assigned
    VLAI
    Title
    Avaya Utility Services Sensitive Information Disclosure Vulnerability
    Summary
    An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Utility Services Affected: 7.0.0.0 , ≤ 7.1.3.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25649",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T17:57:50.988184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:35.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.avaya.com/css/P8/documents/101072728"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Utility Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.8",
                  "status": "affected",
                  "version": "7.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200\nCWE-378",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-24T08:55:23.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.avaya.com/css/P8/documents/101072728"
            }
          ],
          "source": {
            "advisory": "N/A",
            "defect": [
              "PSST-1147"
            ],
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Avaya Utility Services Sensitive Information Disclosure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securityalerts@avaya.com",
              "ID": "CVE-2021-25649",
              "STATE": "PUBLIC",
              "TITLE": "Avaya Utility Services Sensitive Information Disclosure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avaya Aura Utility Services",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "7.0.0.0",
                                "version_value": "7.1.3.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Avaya"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200\nCWE-378"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.avaya.com/css/P8/documents/101072728",
                  "refsource": "MISC",
                  "url": "https://support.avaya.com/css/P8/documents/101072728"
                }
              ]
            },
            "source": {
              "advisory": "N/A",
              "defect": [
                "PSST-1147"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2021-25649",
        "datePublished": "2021-06-24T08:55:23.000Z",
        "dateReserved": "2021-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:11:27.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5285 (GCVE-0-2016-5285)

    Vulnerability from cvelistv5 – Published: 2019-11-15 15:44 – Updated: 2024-08-06 00:53
    VLAI
    Summary
    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • denial of service
    Assigner
    Impacted products
    Date Public
    2016-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:53:48.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94349"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3163-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa137"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Services",
              "vendor": "Mozilla",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.24"
                }
              ]
            }
          ],
          "datePublic": "2016-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T19:53:19.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/94349"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3163-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa137"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-5285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Services",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
                },
                {
                  "name": "http://www.securityfocus.com/bid/94349",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/94349"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
                },
                {
                  "name": "https://security.gentoo.org/glsa/201701-46",
                  "refsource": "MISC",
                  "url": "https://security.gentoo.org/glsa/201701-46"
                },
                {
                  "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
                  "refsource": "MISC",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
                },
                {
                  "name": "http://www.ubuntu.com/usn/USN-3163-1",
                  "refsource": "MISC",
                  "url": "http://www.ubuntu.com/usn/USN-3163-1"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa137",
                  "refsource": "MISC",
                  "url": "https://bto.bluecoat.com/security-advisory/sa137"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-5285",
        "datePublished": "2019-11-15T15:44:05.000Z",
        "dateReserved": "2016-06-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:53:48.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }