Vendor CVEs
Nokia
All CVEs
149 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34037 | Cri | 0.75 | — | 0.85 | Jun 24, 2025 | An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization,… | ||
| CVE-2025-9962 | Cri | 0.65 | — | 0.01 | Sep 23, 2025 | A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||
| CVE-2025-9963 | Cri | 0.61 | — | 0.00 | Sep 23, 2025 | A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build … | ||
| CVE-2025-9965 | Cri | 0.60 | — | 0.01 | Sep 23, 2025 | Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||
| CVE-2023-49564 | Hig | 0.57 | 8.8 | 0.00 | Sep 18, 2025 | The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without… | ||
| CVE-2025-9964 | Hig | 0.56 | — | 0.00 | Sep 23, 2025 | No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||
| CVE-2023-49565 | Hig | 0.55 | 8.4 | 0.01 | Sep 18, 2025 | The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen… | ||
| CVE-2025-24818 | Hig | 0.52 | 8.0 | 0.01 | Apr 7, 2026 | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application. | ||
| CVE-2025-24817 | Hig | 0.52 | 8.0 | 0.01 | Apr 7, 2026 | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application. | ||
| CVE-2025-9974 | Hig | 0.52 | 8.0 | 0.00 | Feb 2, 2026 | The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able… | ||
| CVE-2025-9966 | Hig | 0.47 | — | 0.00 | Sep 23, 2025 | Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||
| CVE-2023-6729 | Hig | 0.47 | 7.3 | 0.00 | Oct 17, 2024 | Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files… | ||
| CVE-2023-38293 | Hig | 0.47 | 7.3 | 0.01 | Apr 22, 2024 | Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context… | ||
| CVE-2025-24332 | Hig | 0.46 | 7.1 | 0.00 | Jul 2, 2025 | Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the… | ||
| CVE-2022-45899 | Med | 0.42 | 6.5 | 0.01 | May 8, 2026 | Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. | ||
| CVE-2025-0980 | Med | 0.42 | 6.4 | 0.00 | Jan 7, 2026 | Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials. | ||
| CVE-2025-62759 | Med | 0.42 | 6.5 | 0.00 | Dec 31, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series series allows Stored XSS.This issue affects Series: from n/a through <= 2.0.1. | ||
| CVE-2025-24333 | Med | 0.42 | 6.4 | 0.00 | Jul 2, 2025 | Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via… | ||
| CVE-2025-24331 | Med | 0.42 | 6.4 | 0.00 | Jul 2, 2025 | The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive… | ||
| CVE-2025-24330 | Med | 0.42 | 6.4 | 0.00 | Jul 2, 2025 | Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0… | ||
| CVE-2025-24329 | Med | 0.42 | 6.4 | 0.00 | Jul 2, 2025 | Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0… | ||
| CVE-2019-7386 | Med | 0.42 | 6.5 | 0.04 | Mar 21, 2019 | A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the… | ||
| CVE-2025-9912 | Med | 0.41 | 6.3 | 0.00 | Jun 16, 2026 | Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege. | ||
| CVE-2025-10262 | Med | 0.41 | 6.3 | 0.00 | Jun 16, 2026 | Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges. | ||
| CVE-2025-24819 | Med | 0.37 | 5.7 | 0.00 | Apr 7, 2026 | Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application. | ||
| CVE-2023-38299 | Med | 0.36 | 5.5 | 0.00 | Apr 22, 2024 | Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from… | ||
| CVE-2025-24328 | Med | 0.27 | 4.2 | 0.00 | Jul 2, 2025 | Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue… | ||
| CVE-2025-24334 | Low | 0.21 | 3.3 | 0.00 | Jul 2, 2025 | The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network. | ||
| CVE-2023-6728 | Low | 0.21 | 3.3 | 0.00 | Oct 17, 2024 | Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content. | ||
| CVE-2023-25189 | Low | 0.21 | 3.3 | 0.00 | Sep 25, 2024 | BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via… | ||
| CVE-2025-24335 | Low | 0.13 | 2.0 | 0.00 | Jul 2, 2025 | Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for… | ||
| CVE-2025-7432 | Low | 0.07 | — | 0.00 | Feb 9, 2026 | DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack. | ||
| CVE-2009-0649 | 0.04 | — | 0.08 | Feb 20, 2009 | The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method. | |||
| CVE-2005-2277 | 0.04 | — | 0.13 | Jul 15, 2005 | Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | |||
| CVE-2005-2250 | 0.04 | — | 0.10 | Jul 13, 2005 | Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | |||
| CVE-2023-25187 | 0.03 | — | 0.01 | Jun 16, 2023 | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS… | |||
| CVE-2012-2442 | 0.03 | — | 0.03 | Jul 25, 2012 | Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. | |||
| CVE-2011-0498 | 0.03 | — | 0.06 | Jan 20, 2011 | Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file. | |||
| CVE-2009-0734 | 0.03 | — | 0.05 | Feb 25, 2009 | Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file. | |||
| CVE-2008-4135 | 0.03 | — | 0.04 | Sep 19, 2008 | Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames. | |||
| CVE-2006-4464 | 0.03 | — | 0.03 | Aug 31, 2006 | The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string. | |||
| CVE-2006-0797 | 0.03 | — | 0.04 | Feb 19, 2006 | Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet,… | |||
| CVE-2005-1294 | 0.03 | — | 0.01 | Apr 24, 2005 | The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index. | |||
| CVE-2005-0681 | 0.03 | — | 0.03 | Mar 6, 2005 | Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname. | |||
| CVE-2003-0802 | 0.03 | — | 0.06 | Oct 6, 2003 | Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot). | |||
| CVE-2003-0801 | 0.03 | — | 0.03 | Oct 6, 2003 | Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. | |||
| CVE-2003-0803 | 0.03 | — | 0.05 | Oct 6, 2003 | Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user. | |||
| CVE-2022-39815 | 0.01 | — | 0.02 | Sep 13, 2022 | In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system. | |||
| CVE-2021-31932 | 0.01 | — | 0.22 | Feb 11, 2022 | Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character. | |||
| CVE-2019-14708 | 0.01 | — | 0.04 | Aug 6, 2019 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account. |
- risk 0.75cvss —epss 0.85
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization,…
- risk 0.65cvss —epss 0.01
A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).
- risk 0.61cvss —epss 0.00
A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build …
- risk 0.60cvss —epss 0.01
Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).
- risk 0.57cvss 8.8epss 0.00
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without…
- risk 0.56cvss —epss 0.00
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).
- risk 0.55cvss 8.4epss 0.01
The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen…
- risk 0.52cvss 8.0epss 0.01
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.
- risk 0.52cvss 8.0epss 0.01
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.
- risk 0.52cvss 8.0epss 0.00
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able…
- risk 0.47cvss —epss 0.00
Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).
- risk 0.47cvss 7.3epss 0.00
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files…
- risk 0.47cvss 7.3epss 0.01
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context…
- risk 0.46cvss 7.1epss 0.00
Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the…
- risk 0.42cvss 6.5epss 0.01
Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.
- risk 0.42cvss 6.4epss 0.00
Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series series allows Stored XSS.This issue affects Series: from n/a through <= 2.0.1.
- risk 0.42cvss 6.4epss 0.00
Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via…
- risk 0.42cvss 6.4epss 0.00
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive…
- risk 0.42cvss 6.4epss 0.00
Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0…
- risk 0.42cvss 6.4epss 0.00
Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0…
- risk 0.42cvss 6.5epss 0.04
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the…
- risk 0.41cvss 6.3epss 0.00
Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege.
- risk 0.41cvss 6.3epss 0.00
Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges.
- risk 0.37cvss 5.7epss 0.00
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application.
- risk 0.36cvss 5.5epss 0.00
Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from…
- risk 0.27cvss 4.2epss 0.00
Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue…
- risk 0.21cvss 3.3epss 0.00
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.
- risk 0.21cvss 3.3epss 0.00
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.
- risk 0.21cvss 3.3epss 0.00
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via…
- risk 0.13cvss 2.0epss 0.00
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for…
- risk 0.07cvss —epss 0.00
DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack.
- CVE-2009-0649Feb 20, 2009risk 0.04cvss —epss 0.08
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
- CVE-2005-2277Jul 15, 2005risk 0.04cvss —epss 0.13
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
- CVE-2005-2250Jul 13, 2005risk 0.04cvss —epss 0.10
Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.
- CVE-2023-25187Jun 16, 2023risk 0.03cvss —epss 0.01
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS…
- CVE-2012-2442Jul 25, 2012risk 0.03cvss —epss 0.03
Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.
- CVE-2011-0498Jan 20, 2011risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file.
- CVE-2009-0734Feb 25, 2009risk 0.03cvss —epss 0.05
Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.
- CVE-2008-4135Sep 19, 2008risk 0.03cvss —epss 0.04
Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames.
- CVE-2006-4464Aug 31, 2006risk 0.03cvss —epss 0.03
The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.
- CVE-2006-0797Feb 19, 2006risk 0.03cvss —epss 0.04
Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet,…
- CVE-2005-1294Apr 24, 2005risk 0.03cvss —epss 0.01
The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index.
- CVE-2005-0681Mar 6, 2005risk 0.03cvss —epss 0.03
Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname.
- CVE-2003-0802Oct 6, 2003risk 0.03cvss —epss 0.06
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).
- CVE-2003-0801Oct 6, 2003risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.
- CVE-2003-0803Oct 6, 2003risk 0.03cvss —epss 0.05
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
- CVE-2022-39815Sep 13, 2022risk 0.01cvss —epss 0.02
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system.
- CVE-2021-31932Feb 11, 2022risk 0.01cvss —epss 0.22
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character.
- CVE-2019-14708Aug 6, 2019risk 0.01cvss —epss 0.04
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account.
Page 1 of 3