An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.  

Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.

LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.

LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.