Filtered by vendor Nokia
Subscriptions
Total
113 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2022-12-28 | 6.5 Medium |
Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | ||||
CVE-2022-36222 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2022-12-28 | 8.4 High |
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | ||||
CVE-2019-3920 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2022-12-03 | 8.8 High |
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/. | ||||
CVE-2019-3919 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2022-12-03 | 8.8 High |
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/. | ||||
CVE-2019-3918 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2022-12-03 | 9.8 Critical |
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. | ||||
CVE-2022-39817 | 1 Nokia | 1 1350 Optical Management System | 2022-10-06 | 8.8 High |
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. | ||||
CVE-2005-3093 | 1 Nokia | 2 3210, 7610 | 2022-10-03 | N/A |
Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer. | ||||
CVE-2010-4549 | 2 Ibm, Nokia | 2 Lotus Notes Traveler, S60 | 2022-10-03 | N/A |
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. | ||||
CVE-2010-3374 | 1 Nokia | 1 Qt Creator | 2022-10-03 | N/A |
Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
CVE-2003-0803 | 1 Nokia | 1 Electronic Documentation | 2022-10-03 | N/A |
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user. | ||||
CVE-2003-0801 | 1 Nokia | 1 Electronic Documentation | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. | ||||
CVE-2003-0802 | 1 Nokia | 1 Electronic Documentation | 2022-10-03 | N/A |
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot). | ||||
CVE-2011-0498 | 1 Nokia | 1 Multimedia Player | 2022-10-03 | N/A |
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file. | ||||
CVE-2022-39815 | 1 Nokia | 1 1350 Optical Management System | 2022-10-01 | 9.8 Critical |
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system. | ||||
CVE-2022-39816 | 1 Nokia | 1 1350 Optical Management System | 2022-10-01 | 6.5 Medium |
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker. | ||||
CVE-2022-39819 | 1 Nokia | 1 1350 Optical Management System | 2022-10-01 | 8.8 High |
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system. | ||||
CVE-2022-39821 | 1 Nokia | 1 1350 Optical Management System | 2022-10-01 | 7.5 High |
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. | ||||
CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | 6.1 Medium |
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. | ||||
CVE-2022-40713 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | 6.5 Medium |
An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | ||||
CVE-2022-40712 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | 6.1 Medium |
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. |