Filtered by vendor Nokia
Subscribe
Total
80 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31932 | 1 Nokia | 1 Bts Trs Web Console | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character. | |||||
| CVE-2021-41487 | 1 Nokia | 1 Vitalsuite | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'. | |||||
| CVE-2022-30903 | 1 Nokia | 2 G-2425g-a, G-2425g-a Firmware | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | |||||
| CVE-2021-35487 | 1 Nokia | 1 Broadcast Message Center | 2022-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data. | |||||
| CVE-2021-45896 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2022-01-12 | 6.0 MEDIUM | 8.8 HIGH |
| Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. | |||||
| CVE-2021-32287 | 1 Nokia | 1 Heif | 2021-10-01 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32288 | 1 Nokia | 1 Heif | 2021-10-01 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32289 | 1 Nokia | 1 Heif | 2021-10-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in heif through through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP() located in nalutil.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-30003 | 1 Nokia | 2 G-120w-f, G-120w-f Firmware | 2021-04-07 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. | |||||
| CVE-2021-26597 | 1 Nokia | 1 Netact | 2021-04-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. | |||||
| CVE-2021-26596 | 1 Nokia | 1 Netact | 2021-04-01 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. | |||||
| CVE-2019-3921 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2020-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code. | |||||
| CVE-2019-3922 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2020-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code. | |||||
| CVE-2019-3917 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. | |||||
| CVE-2019-7386 | 2 Kaiostech, Nokia | 3 Kaios, 8810 4g, 8810 4g Firmware | 2020-08-24 | 7.1 HIGH | 6.5 MEDIUM |
| A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device. | |||||
| CVE-2014-3809 | 1 Nokia | 6 1830 Photonic Service Switch-16, 1830 Photonic Service Switch-16 Firmware, 1830 Photonic Service Switch-32 and 3 more | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. | |||||
| CVE-2019-17403 | 1 Nokia | 1 Impact | 2019-12-04 | 6.5 MEDIUM | 8.8 HIGH |
| Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. | |||||
| CVE-2019-17404 | 1 Nokia | 1 Impact | 2019-12-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nokia IMPACT < 18A: allows full path disclosure | |||||
| CVE-2019-17406 | 1 Nokia | 1 Impact | 2019-12-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743 | |||||
| CVE-2019-17405 | 1 Nokia | 1 Impact | 2019-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nokia IMPACT < 18A: has Reflected self XSS | |||||