16 matches found
CVE-2023-25186
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell which is by default disabled...
CVE-2023-25188
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell which is by default disabled allows unauthenticated access from...
CVE-2023-25186
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell which is by default disabled...
CVE-2023-25188
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell which is by default disabled allows unauthenticated access from...
Path traversal
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell which is by default disabled...
Design/Logic Flaw
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell which is by default disabled allows unauthenticated access from...
CVE-2023-25186
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell which is by default disabled...
CVE-2023-25188
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell which is by default disabled allows unauthenticated access from...
CVE-2023-25186
CVE-2023-25186 affects Nokia Airscale ASIKA Single RAN devices prior to 21B. A directory traversal in the AaShell diagnostic tool can expose the BTS baseband unit internal filesystem if security hardenings are removed by a CSP BTS administrator, with AaShell by default disabled. Impact described ...
CVE-2023-25188
CVE-2023-25188 affects Nokia Airscale ASIKA Single RAN devices before 21B. If security hardenings are removed by a CSP, the AaShell diagnostic tool, which is disabled by default, can allow unauthenticated access from the BTS management network to the embedded Linux OS. This is a local impact risk...
SUSE-SU-2020:0831-1 Security update for mariadb
This update for mariadb to version 10.2.31 GA fixes the following issues: MariaDB was updated to version 10.2.31 GA bsc1162388 and bsc1156669. Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client bsc1162388. -...
OPENSUSE-SU-2020:0289-1 Security update for mariadb
This update for mariadb fixes the following issues: MariaDB was updated to version 10.2.31 GA bsc1162388. Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client bsc1162388. - CVE-2019-18901: Fixed an unsafe path handling...
SUSE-SU-2020:0496-1 Security update for mariadb
This update for mariadb fixes the following issues: MariaDB was updated to version 10.2.31 GA bsc1162388. Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client bsc1162388. - CVE-2019-18901: Fixed an unsafe path handling...
SUSE-SU-2018:1638-1 Security update for mailman
This update for mailman to version 2.1.15 fixes the following issues: - CVE-2016-6893: Prevent cross-site request forgery CSRF vulnerability in the user options page that allowed remote attackers to hijack the authentication of arbitrary users for requests that modify an option bsc995352. - Vario...
openSUSE Security Update : dbus-1 / dbus-1-x11 (openSUSE-2015-150)
dbus-1, dbus-1-x11 were updated to version 1.8.16 to fix one security issue. This update fixes the following security issue : - CVE-2015-0245: Do not allow non-uid-0 processes to send forged ActivationFailure messages. On Linux systems with systemd activation, this would allow a local denial of...
WordPress 3.5.1 Cross Site Scripting
Hello list! These are Cross-Site Scripting vulnerabilities in WordPress. Which I've disclosed last week. At WordPress 3.5.2 release, WP developers mentioned about three holes as "security hardenings" to decrease their importance and to make it looks like there were less fixed holes. One of these...