Vulnerabilities > Nortel > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-0844 Cryptographic Issues vulnerability in Nortel Contivity 5.01
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.
local
low complexity
nortel CWE-310
4.6
2005-01-10 CVE-2004-1105 Unspecified vulnerability in Nortel Contivity 4.91
Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information.
network
low complexity
nortel
5.0
2004-12-31 CVE-2004-2621 Unspecified vulnerability in Nortel Contivity
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.
network
high complexity
nortel
4.0
2004-12-31 CVE-2004-2549 Denial Of Service vulnerability in Nortel products
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.
network
low complexity
nortel
5.0
2004-12-23 CVE-2004-1305 The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
network
low complexity
nortel microsoft
5.0
2004-12-15 CVE-2004-1319 The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
network
low complexity
nortel microsoft
5.0
2004-08-18 CVE-2004-0839 Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
network
low complexity
microsoft avaya nortel
5.0
2002-05-16 CVE-2002-0209 Unspecified vulnerability in Nortel Alteon Acedirector 9.0
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
network
low complexity
nortel
5.0
2000-02-25 CVE-2000-0221 Unspecified vulnerability in Nortel Nautica Marlin
The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.
network
low complexity
nortel
5.0
2000-01-17 CVE-2000-0064 Unspecified vulnerability in Nortel Contivity 1.0
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.
network
low complexity
nortel
5.0