VYPR

Call Management System Server

by Avaya

CVEs (6)

  • CVE-2018-15615HigSep 24, 2018
    risk 0.47cvss 7.2epss 0.00

    A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

  • CVE-2004-1307Dec 21, 2004
    risk 0.01cvss epss 0.06

    Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a…

  • CVE-2025-1041Jun 10, 2025
    risk 0.00cvss epss 0.00

    An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.

  • CVE-2023-3527Jul 18, 2023
    risk 0.00cvss epss 0.01

    A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used…

  • CVE-2011-1229Apr 13, 2011
    risk 0.00cvss epss 0.01

    win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers…

  • CVE-2004-0800Aug 24, 2004
    risk 0.00cvss epss 0.00

    Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.