31 matches found
EUVD-2025-19693
Malicious code in bioql PyPI...
EUVD-2025-19704
Malicious code in bioql PyPI...
EUVD-2025-19702
Malicious code in bioql PyPI...
CVE-2025-24333
Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added...
CVE-2025-24335
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, th...
CVE-2025-24331
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privile...
CVE-2025-24328
Sending a crafted SOAP "set" operation message within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to...
CVE-2025-24333
Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added...
CVE-2025-24331
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privile...
CVE-2025-24330
Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been...
CVE-2025-24335 SOAP message input validation fault could in theory cause OAM service resource exhaustion
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, th...
CVE-2025-24335 SOAP message input validation fault could in theory cause OAM service resource exhaustion
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, th...
CVE-2025-24335
CVE-2025-24335 affects Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP, where a SOAP message input validation flaw could potentially cause resource exhaustion of the OAM service. The issue has not been observed in the wild; Nokia reports the vulnerability is mitigated star...
CVE-2025-24333 Administrative user shell input validation fault
Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added...
CVE-2025-24333
CVE-2025-24333 affects Nokia Single RAN baseband software prior to 24R1-SR 1.0 MP. The root cause is an administrative shell input validation fault that could allow an authenticated admin to inject commands into the baseband OAM service process via special characters in the internal COMA_config.x...
CVE-2025-24331 Nokia Single RAN baseband OAM service extensive capabilities
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privile...
CVE-2025-24331
The CVE-2025-24331 entry concerns Nokia’s Single RAN baseband OAM service. Versions prior to 24R1-SR 0.2 MP start as root and retain capabilities after dropping to unprivileged, potentially enabling actions beyond the intended scope (e.g., root access or modifying root-owned files). The issue has...
CVE-2025-24331 Nokia Single RAN baseband OAM service extensive capabilities
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privile...
CVE-2025-24330 OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network
Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been...
CVE-2025-24330 OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network
Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been...