Vulnerabilities > Nokia > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-24 | CVE-2023-26061 | Cross-site Scripting vulnerability in Nokia Netact 18A An issue was discovered in Nokia NetAct before 22 FP2211. | 5.4 |
| 2022-12-21 | CVE-2022-36221 | Path Traversal vulnerability in Nokia Fastmile Firmware 3Tg00118Abad52 Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | 6.5 |
| 2022-09-13 | CVE-2022-39816 | Insufficiently Protected Credentials vulnerability in Nokia 1350 Optical Management System 14.2 In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. | 6.5 |
| 2022-06-14 | CVE-2022-30903 | Cross-site Scripting vulnerability in Nokia G-2425G-A Firmware 3Fe49362Ijhk42 Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | 4.8 |
| 2022-05-25 | CVE-2021-35487 | SQL Injection vulnerability in Nokia Broadcast Message Center Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. | 4.0 |
| 2021-09-20 | CVE-2021-32287 | Out-of-bounds Write vulnerability in Nokia Heif An issue was discovered in heif through v3.6.2. | 6.8 |
| 2021-09-20 | CVE-2021-32288 | Out-of-bounds Write vulnerability in Nokia Heif An issue was discovered in heif through v3.6.2. | 6.8 |
| 2021-09-20 | CVE-2021-32289 | NULL Pointer Dereference vulnerability in Nokia Heif An issue was discovered in heif through through v3.6.2. | 4.3 |
| 2021-03-25 | CVE-2021-26597 | Unrestricted Upload of File with Dangerous Type vulnerability in Nokia Netact 18A An issue was discovered in Nokia NetAct 18A. | 4.0 |
| 2020-01-31 | CVE-2014-3809 | Cross-site Scripting vulnerability in Nokia products Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. | 4.3 |