CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

441 matches found

Alcatel-Lucent OmniPCX - Remote Command Execution

The OmniPCX web interface has a script "masterCGI" with a remote command execution vulnerability via the "user" parameter. id: CVE-2007-3010 info: name: Alcatel-Lucent OmniPCX - Remote Command Execution author: king-alexander severity: critical description: | The OmniPCX web interface has a scrip...

10CVSS7.5AI score0.97407EPSS

Exploits8References5

RedhatCVE•added 2026/01/09 11:23 a.m.•6 views

CVE-2021-31795

The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR...

7CVSS6.8AI score0.00363EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:8 a.m.•8 views

CVE-2019-20049

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal which helps to bypass authentication with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the construct whereas the...

10CVSS7.9AI score0.12805EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:7 a.m.•7 views

CVE-2019-20047

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded...

7.5CVSS7AI score0.02706EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:6 a.m.•10 views

CVE-2019-20048

An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM...

9CVSS7.8AI score0.05818EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:36 a.m.•7 views

CVE-2019-7163

The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40LU02.0002 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password...

9.8CVSS7.4AI score0.02139EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:33 a.m.•4 views

CVE-2019-16242

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI...

7.2CVSS8AI score0.01123EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:30 a.m.•7 views

CVE-2019-16241

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...

6.8CVSS7.1AI score0.00478EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:30 a.m.•9 views

CVE-2019-16243

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. This web API is normally used by the system application...

6.1CVSS6.9AI score0.00746EPSS

Exploits1References1