Filtered by vendor Nortel
Subscribe
Total
44 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2332 | 1 Nortel | 8 Vpn Router 1010, Vpn Router 1050, Vpn Router 1100 and 5 more | 2023-12-10 | 9.0 HIGH | N/A |
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. | |||||
CVE-2007-1820 | 1 Nortel | 2 Callpilot, Meridian Mail | 2023-12-10 | 9.3 HIGH | N/A |
Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
CVE-2007-5591 | 1 Nortel | 6 Communications Server, Meridian Option 11c, Meridian Option 51c and 3 more | 2023-12-10 | 7.8 HIGH | N/A |
The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports. | |||||
CVE-2007-2886 | 1 Nortel | 1 Communications Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors. | |||||
CVE-2006-6670 | 1 Nortel | 1 Callpilot Server | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL. | |||||
CVE-2005-0356 | 9 Alaxala, Cisco, F5 and 6 more | 76 Alaxala Networks, Agent Desktop, Aironet Ap1200 and 73 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | |||||
CVE-2005-4197 | 1 Nortel | 1 Ssl Vpn | 2023-12-10 | 7.5 HIGH | N/A |
tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. | |||||
CVE-2005-0844 | 1 Nortel | 1 Contivity | 2023-12-10 | 4.6 MEDIUM | N/A |
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. | |||||
CVE-2004-2621 | 1 Nortel | 1 Contivity | 2023-12-10 | 4.0 MEDIUM | N/A |
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. | |||||
CVE-2004-1105 | 1 Nortel | 1 Contivity | 2023-12-10 | 5.0 MEDIUM | N/A |
Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. | |||||
CVE-2005-2579 | 1 Nortel | 1 Contivity | 2023-12-10 | 7.2 HIGH | N/A |
Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. | |||||
CVE-2004-2549 | 1 Nortel | 3 Wlan Access Point 2220, Wlan Access Point 2221, Wlan Access Point 2225 | 2023-12-10 | 5.0 MEDIUM | N/A |
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow. | |||||
CVE-2005-1802 | 1 Nortel | 9 Contivity, Vpn Router 1010, Vpn Router 1050 and 6 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. | |||||
CVE-2004-0839 | 3 Avaya, Microsoft, Nortel | 18 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 15 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". | |||||
CVE-2000-0063 | 1 Nortel | 1 Contivity | 2023-12-10 | 5.0 MEDIUM | N/A |
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. | |||||
CVE-2000-0009 | 1 Nortel | 1 Optivity Net Architect | 2023-12-10 | 7.2 HIGH | N/A |
The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. | |||||
CVE-2000-0221 | 1 Nortel | 1 Nautica Marlin | 2023-12-10 | 5.0 MEDIUM | N/A |
The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. | |||||
CVE-2003-1115 | 1 Nortel | 1 Succession Communication Server 2000 | 2023-12-10 | 7.5 HIGH | N/A |
The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
CVE-2002-0209 | 1 Nortel | 1 Alteon Acedirector | 2023-12-10 | 5.0 MEDIUM | N/A |
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address. | |||||
CVE-2004-1305 | 2 Microsoft, Nortel | 19 Windows 2000, Windows 2003 Server, Windows 98 and 16 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. |