Filtered by vendor Nokia
Subscriptions
Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41487 | 1 Nokia | 1 Vitalsuite | 2024-08-04 | 9.8 Critical |
| NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'. | ||||
| CVE-2021-35487 | 1 Nokia | 1 Broadcast Message Center | 2024-08-04 | 6.5 Medium |
| Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data. | ||||
| CVE-2021-32288 | 1 Nokia | 1 Heif | 2024-08-03 | 7.8 High |
| An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. | ||||
| CVE-2021-32287 | 1 Nokia | 1 Heif | 2024-08-03 | 7.8 High |
| An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. | ||||
| CVE-2021-32289 | 1 Nokia | 1 Heif | 2024-08-03 | 5.5 Medium |
| An issue was discovered in heif through through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP() located in nalutil.cpp. It allows an attacker to cause Denial of Service. | ||||
| CVE-2021-31932 | 1 Nokia | 1 Bts Trs Web Console | 2024-08-03 | 9.8 Critical |
| Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character. | ||||
| CVE-2021-30003 | 1 Nokia | 2 G-120w-f, G-120w-f Firmware | 2024-08-03 | 4.8 Medium |
| An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. | ||||
| CVE-2021-26597 | 1 Nokia | 1 Netact | 2024-08-03 | 6.5 Medium |
| An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. | ||||
| CVE-2021-26596 | 1 Nokia | 1 Netact | 2024-08-03 | 5.4 Medium |
| An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. | ||||
| CVE-2022-43675 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-08-03 | 6.1 Medium |
| An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters. | ||||
| CVE-2022-41761 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-08-03 | 6.5 Medium |
| An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files. | ||||
| CVE-2022-41760 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-08-03 | 6.5 Medium |
| An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files. | ||||
| CVE-2022-41763 | 1 Nokia | 1 Access Management System | 2024-08-03 | 8.8 High |
| An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service. | ||||
| CVE-2022-41762 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-08-03 | 6.1 Medium |
| An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl. | ||||
| CVE-2022-40713 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.5 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | ||||
| CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.5 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | ||||
| CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.1 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. | ||||
| CVE-2022-40712 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.1 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. | ||||
| CVE-2022-39821 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 7.5 High |
| In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. | ||||
| CVE-2022-39820 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-08-03 | 6.5 Medium |
| In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. | ||||