Filtered by vendor Nokia
Subscribe
Total
142 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6371 | 1 Nokia | 1 N95 | 2025-04-09 | 7.1 HIGH | N/A |
|
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session.
|
|||||
| CVE-2008-3553 | 2 Nokia, Sun | 2 Series 40, J2me | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2009-0649 | 1 Nokia | 2 N95, Symbian S60 Browser | 2025-04-09 | 7.8 HIGH | N/A |
|
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
|
|||||
| CVE-2007-2592 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
|
|||||
| CVE-2007-2590 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
|
|||||
| CVE-2008-5827 | 1 Nokia | 1 6131 Nfc | 2025-04-09 | 7.5 HIGH | N/A |
|
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.
|
|||||
| CVE-2008-5826 | 1 Nokia | 1 6131 Nfc | 2025-04-09 | 7.8 HIGH | N/A |
|
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.
|
|||||
| CVE-2007-0523 | 1 Nokia | 1 N70 | 2025-04-09 | 3.3 LOW | N/A |
|
The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
|
|||||
| CVE-2008-4135 | 2 Nokia, S60 | 3 E90 Communicator, N82, Symbian Os | 2025-04-09 | 7.8 HIGH | N/A |
|
Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames.
|
|||||
| CVE-2008-5825 | 1 Nokia | 1 6131 Nfc | 2025-04-09 | 2.6 LOW | N/A |
|
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purch ...
Show More |
|||||
| CVE-2008-3552 | 1 Nokia | 1 Series 40 | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2007-2591 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2025-04-09 | 7.5 HIGH | N/A |
|
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.
|
|||||
| CVE-2009-0734 | 1 Nokia | 1 Nokia Pc Suite | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.
|
|||||
| CVE-2009-2538 | 1 Nokia | 4 N810 Internet Tablet, N82, N95 and 1 more | 2025-04-09 | 7.1 HIGH | N/A |
|
The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
|
|||||
| CVE-2001-0299 | 1 Nokia | 1 Ip440 Firewall Vpn Appliance | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
|
|||||
| CVE-2003-0803 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 7.5 HIGH | N/A |
|
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
|
|||||
| CVE-2005-0681 | 1 Nokia | 1 Series | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname.
|
|||||
| CVE-2005-2716 | 1 Nokia | 1 Affix | 2025-04-03 | 7.5 HIGH | N/A |
|
The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
|
|||||
| CVE-2004-0143 | 1 Nokia | 1 6310i | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows.
|
|||||
| CVE-2005-3093 | 1 Nokia | 2 3210, 7610 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer.
|
|||||
| CVE-2005-1294 | 1 Nokia | 1 Affix | 2025-04-03 | 7.2 HIGH | N/A |
|
The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index.
|
|||||
| CVE-2003-0103 | 1 Nokia | 1 6210 Handset | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
|
|||||
| CVE-2006-4464 | 1 Nokia | 1 Symbian | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.
|
|||||
| CVE-2006-0797 | 1 Nokia | 1 N70 | 2025-04-03 | 7.8 HIGH | N/A |
|
Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS).
|
|||||
| CVE-2005-1801 | 1 Nokia | 1 9500 | 2025-04-03 | 2.6 LOW | N/A |
|
The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.
|
|||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.
|
|||||
| CVE-2005-2277 | 1 Nokia | 1 Affix | 2025-04-03 | 10.0 HIGH | N/A |
|
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
|
|||||
| CVE-2003-0802 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).
|
|||||
| CVE-2003-0801 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.
|
|||||
| CVE-2003-0137 | 1 Nokia | 1 Sgsn Dx200 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.
|
|||||
| CVE-2003-1189 | 1 Nokia | 1 Ipso | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.
|
|||||
| CVE-2003-0368 | 1 Nokia | 1 Ggsn | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.
|
|||||
| CVE-2001-1431 | 2 Checkpoint, Nokia | 3 Firewall-1, Vpn-1, Firewall Appliance | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
|
|||||
| CVE-2023-26061 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.8 MEDIUM |
|
An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
|
|||||
| CVE-2023-26060 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.8 MEDIUM |
|
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
|
|||||
| CVE-2023-26059 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.8 MEDIUM |
|
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.
|
|||||
| CVE-2023-26058 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.5 MEDIUM |
|
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
|
|||||
| CVE-2023-26057 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.5 MEDIUM |
|
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
|
|||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2025-02-03 | N/A | 7.8 HIGH |
|
Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation.
|
|||||
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2025-01-30 | N/A | 8.8 HIGH |
|
In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.
|
|||||