70 matches found
CVE-2023-25185
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating syst...
EUVD-2023-29149
Malicious code in bioql PyPI...
EUVD-2025-19702
Malicious code in bioql PyPI...
EUVD-2025-19701
Malicious code in bioql PyPI...
EUVD-2025-19693
Malicious code in bioql PyPI...
EUVD-2025-19725
Malicious code in bioql PyPI...
EUVD-2025-19700
Malicious code in bioql PyPI...
CVE-2025-24333
Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added...
CVE-2025-24334
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator MNO internal RAN management network...
CVE-2025-24332
Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the baseband capacity board...
CVE-2025-24335
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, th...
CVE-2025-24331
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privile...
CVE-2025-24328
Sending a crafted SOAP "set" operation message within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to...
CVE-2025-24335
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, th...
CVE-2025-24333
Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added...
CVE-2025-24334
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator MNO internal RAN management network...
CVE-2025-24330
Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been...
CVE-2025-24329
Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has bee...
CVE-2025-24335 SOAP message input validation fault could in theory cause OAM service resource exhaustion
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, th...
CVE-2025-24335
CVE-2025-24335 affects Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP, where a SOAP message input validation flaw could potentially cause resource exhaustion of the OAM service. The issue has not been observed in the wild; Nokia reports the vulnerability is mitigated star...