Vulnerabilities > Nortel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-04-02 | CVE-2007-1820 | Remote Security vulnerability in Meridian Mail Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). | 9.3 |
| 2007-02-21 | CVE-2007-1057 | Local Privilege Escalation vulnerability in Nortel SSL VPN Net Direct Client The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. local nortel | 6.9 |
| 2006-12-20 | CVE-2006-6670 | Unspecified vulnerability in Nortel Callpilot Server 4.X Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL. | 10.0 |
| 2005-12-13 | CVE-2005-4197 | Unspecified vulnerability in Nortel SSL VPN 4.1.2.11/4.1.2.12 tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. | 7.5 |
| 2005-08-16 | CVE-2005-2579 | Local Security vulnerability in Nortel Contivity V0501.030 Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. | 7.2 |
| 2005-05-31 | CVE-2005-0356 | Remote Denial Of Service vulnerability in Multiple Vendor TCP Timestamp PAWS Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | 5.0 |
| 2005-05-27 | CVE-2005-1802 | Products Remote Denial of Service vulnerability in Nortel Networks Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. | 5.0 |
| 2005-05-02 | CVE-2005-0844 | Cryptographic Issues vulnerability in Nortel Contivity 5.01 Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. | 4.6 |
| 2005-01-10 | CVE-2004-1105 | Unspecified vulnerability in Nortel Contivity 4.91 Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. | 5.0 |
| 2004-12-31 | CVE-2004-2621 | Unspecified vulnerability in Nortel Contivity Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. | 4.0 |