304 matches found
CVE-2024-29149
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8NOE-R300.1.40.12.4180 and SIP deskphones through 86x8SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmwar...
CVE-2024-29150
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8NOE-R300.1.40.12.4180 and SIP deskphones through 86x8SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are...
CVE-2024-29149
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8NOE-R300.1.40.12.4180 and SIP deskphones through 86x8SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmwar...
CVE-2024-29150
The CVE affects Alcatel-Lucent ALE NOE deskphones (86x8 NOE-R300.1.40.12.4180 and earlier) and SIP deskphones (86x8_SIP-R200.1.01.10.728 and earlier). The root cause is improper privilege management that allows an authenticated attacker to create symbolic links to sensitive files in debugging dat...
CVE-2024-29149
CVE-2024-29149 affects Alcatel-Lucent ALE NOE deskphones (86x8 NOE-R300.1.40.12.4180 and earlier) and ALE SIP deskphones (86x8 SIP-R200.1.01.10.728 and earlier). The issue is a time‑of‑check time‑of‑use vulnerability that permits an authenticated attacker to replace a verified firmware image with...
PT-2024-22765 · Alcatel Lucent · Alcatel-Lucent Ale Noe Deskphones +1
Name of the Vulnerable Software and Affected Versions: Alcatel-Lucent ALE NOE deskphones versions 86x8 NOE-R300.1.40.12.4180 and earlier Alcatel-Lucent ALE SIP deskphones versions 86x8 SIP-R200.1.01.10.728 and earlier Description: An issue was discovered due to a time-of-check time-of-use...
CVE-2024-29150
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8NOE-R300.1.40.12.4180 and SIP deskphones through 86x8SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are...
Alcatel-Lucent ALE NOE 安全漏洞
The Alcatel-Lucent ALE NOE is a desktop phone from Alcatel-Lucent. A security vulnerability exists in Alcatel-Lucent ALE NOE versions 86x8NOE-R300.1.40.07.4140, 86x8SIP-R200.1.01.10.728, which stems from a security issue at check time, which could allow an authenticated attacker to replace the...
Alcatel-Lucent ALE NOE 安全漏洞
The Alcatel-Lucent ALE NOE is a desktop phone from Alcatel-Lucent. A security vulnerability exists in Alcatel-Lucent ALE NOE versions 86x8NOE-R300.1.40.07.4140, 86x8SIP-R200.1.01.10.728, which stems from improper privilege management and allows an authenticated attacker to create symbolic links t...
SUSE CVE-2011-2597
The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service infinite loop via malformed packets...
[SECURITY] Fedora 32 Update: libpri-1.6.0-9.fc32
libpri is a C implementation of the Primary Rate ISDN specification. It was based on the Bellcore specification SR-NWT-002343 for National ISDN. As of May 12, 2001, it has been tested work to with NI-2, Nortel DMS-100, and Lucent 5E Custom protocols on switches from Nortel and Lucent...
[SECURITY] Fedora 33 Update: libpri-1.6.0-9.fc33
libpri is a C implementation of the Primary Rate ISDN specification. It was based on the Bellcore specification SR-NWT-002343 for National ISDN. As of May 12, 2001, it has been tested work to with NI-2, Nortel DMS-100, and Lucent 5E Custom protocols on switches from Nortel and Lucent...
Alcatel Lucent Stack Overflow (CVE-2019-3922)
A stack overflow vulnerability exists in Alcatel Lucent. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
CVE-2014-3809
Cross-site scripting XSS vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch PSS 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html...
Cross site scripting
Cross-site scripting XSS vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch PSS 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html...
CVE-2014-3809
CVE-2014-3809 describes a reflected cross-site scripting (XSS) vulnerability in the management interface of Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. The root...
CVE-2014-3809
Cross-site scripting XSS vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch PSS 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html...
Alcatel-Lucent OmniVista 4760 Directory Traversal and Insecure File Upload Vulnerability
LE Alcatel-Lucent Omnivista 4760 is a network management system from ALE France. The product includes features such as alarm notification, OmniPCX configuration, performance analysis and Voice over IP monitoring. A security vulnerability exists in the ALE Alcatel-Lucent OmniVista 4760. An attacke...
Alcatel-Lucent OmniVista 8770 Remote Code Execution Vulnerability
The ALE Alcatel-Lucent Omnivista 8770 is a network management system from ALE France. The product includes features such as alarm notification, OmniPCX configuration, performance analysis, and Voice over IP monitoring. A security vulnerability exists in the ALE Alcatel-Lucent OmniVista 8770 prior...
CVE-2019-20048
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM...