Vendor CVEs
Nokia
All CVEs
149 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36222 | 0.00 | — | 0.00 | Dec 21, 2022 | Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | |||
| CVE-2022-28866 | 0.00 | — | 0.01 | Oct 11, 2022 | Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the… | |||
| CVE-2022-40715 | 0.00 | — | 0.01 | Sep 19, 2022 | An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||
| CVE-2022-40714 | 0.00 | — | 0.00 | Sep 19, 2022 | An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. | |||
| CVE-2022-40713 | 0.00 | — | 0.01 | Sep 19, 2022 | An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||
| CVE-2022-40712 | 0.00 | — | 0.00 | Sep 19, 2022 | An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. | |||
| CVE-2022-38788 | 0.00 | — | 0.01 | Sep 15, 2022 | An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key). | |||
| CVE-2022-39814 | 0.00 | — | 0.00 | Sep 13, 2022 | In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. | |||
| CVE-2022-39816 | 0.00 | — | 0.01 | Sep 13, 2022 | In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker. | |||
| CVE-2022-39817 | 0.00 | — | 0.01 | Sep 13, 2022 | In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected)… | |||
| CVE-2022-39819 | 0.00 | — | 0.01 | Sep 13, 2022 | In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system. | |||
| CVE-2022-39821 | 0.00 | — | 0.01 | Sep 13, 2022 | In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. | |||
| CVE-2021-41487 | 0.00 | — | 0.02 | Jun 16, 2022 | NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'. | |||
| CVE-2022-30903 | 0.00 | — | 0.01 | Jun 14, 2022 | Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | |||
| CVE-2021-35487 | 0.00 | — | 0.01 | May 25, 2022 | Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain… | |||
| CVE-2021-45896 | 0.00 | — | 0.02 | Dec 27, 2021 | Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. | |||
| CVE-2021-30003 | 0.00 | — | 0.01 | Apr 2, 2021 | An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. | |||
| CVE-2021-26596 | 0.00 | — | 0.01 | Mar 25, 2021 | An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a… | |||
| CVE-2021-26597 | 0.00 | — | 0.01 | Mar 25, 2021 | An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction… | |||
| CVE-2019-20769 | 0.00 | — | 0.00 | Apr 17, 2020 | An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019). | |||
| CVE-2020-10264 | 0.00 | — | 0.01 | Apr 6, 2020 | CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally… | |||
| CVE-2019-17406 | 0.00 | — | 0.01 | Nov 25, 2019 | Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743 | |||
| CVE-2019-17405 | 0.00 | — | 0.01 | Nov 25, 2019 | Nokia IMPACT < 18A: has Reflected self XSS | |||
| CVE-2019-17404 | 0.00 | — | 0.01 | Nov 25, 2019 | Nokia IMPACT < 18A: allows full path disclosure | |||
| CVE-2019-17403 | 0.00 | — | 0.03 | Nov 25, 2019 | Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. | |||
| CVE-2019-14698 | 0.00 | — | 0.04 | Aug 6, 2019 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account. | |||
| CVE-2015-6929 | 0.00 | — | 0.01 | Sep 16, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to… | |||
| CVE-2011-1472 | 0.00 | — | 0.00 | Mar 29, 2011 | The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. | |||
| CVE-2010-3374 | 0.00 | — | 0.00 | Oct 4, 2010 | Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||
| CVE-2009-4975 | 0.00 | — | 0.01 | Aug 2, 2010 | Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | |||
| CVE-2009-2538 | 0.00 | — | 0.03 | Jul 20, 2009 | The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||
| CVE-2008-5827 | 0.00 | — | 0.03 | Jan 2, 2009 | The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag. | |||
| CVE-2008-5826 | 0.00 | — | 0.02 | Jan 2, 2009 | The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI. | |||
| CVE-2008-5825 | 0.00 | — | 0.02 | Jan 2, 2009 | The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to… | |||
| CVE-2008-3552 | 0.00 | — | 0.06 | Aug 8, 2008 | Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of… | |||
| CVE-2008-3553 | 0.00 | — | 0.06 | Aug 8, 2008 | Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is… | |||
| CVE-2007-6371 | 0.00 | — | 0.01 | Dec 15, 2007 | Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session. | |||
| CVE-2007-2591 | 0.00 | — | 0.02 | May 11, 2007 | usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account… | |||
| CVE-2007-2592 | 0.00 | — | 0.03 | May 11, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2007-2590 | 0.00 | — | 0.02 | May 11, 2007 | Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1)… | |||
| CVE-2007-0523 | 0.00 | — | 0.01 | Jan 26, 2007 | The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||
| CVE-2005-2716 | 0.00 | — | 0.03 | Aug 29, 2005 | The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name. | |||
| CVE-2004-0143 | 0.00 | — | 0.03 | Mar 3, 2004 | Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows. | |||
| CVE-2003-0368 | 0.00 | — | 0.02 | Feb 3, 2004 | Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option. | |||
| CVE-2003-1189 | 0.00 | — | 0.02 | Oct 29, 2003 | Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors. | |||
| CVE-2003-0137 | 0.00 | — | 0.01 | Mar 18, 2003 | SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings. | |||
| CVE-2003-0103 | 0.00 | — | 0.02 | Mar 7, 2003 | Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. | |||
| CVE-2001-1431 | 0.00 | — | 0.01 | Oct 8, 2001 | Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly… | |||
| CVE-2001-0299 | 0.00 | — | 0.02 | Jun 2, 2001 | Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. |
- CVE-2022-36222Dec 21, 2022risk 0.00cvss —epss 0.00
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface.
- CVE-2022-28866Oct 11, 2022risk 0.00cvss —epss 0.01
Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the…
- CVE-2022-40715Sep 19, 2022risk 0.00cvss —epss 0.01
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.
- CVE-2022-40714Sep 19, 2022risk 0.00cvss —epss 0.00
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.
- CVE-2022-40713Sep 19, 2022risk 0.00cvss —epss 0.01
An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.
- CVE-2022-40712Sep 19, 2022risk 0.00cvss —epss 0.00
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.
- CVE-2022-38788Sep 15, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).
- CVE-2022-39814Sep 13, 2022risk 0.00cvss —epss 0.00
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter.
- CVE-2022-39816Sep 13, 2022risk 0.00cvss —epss 0.01
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker.
- CVE-2022-39817Sep 13, 2022risk 0.00cvss —epss 0.01
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected)…
- CVE-2022-39819Sep 13, 2022risk 0.00cvss —epss 0.01
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system.
- CVE-2022-39821Sep 13, 2022risk 0.00cvss —epss 0.01
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.
- CVE-2021-41487Jun 16, 2022risk 0.00cvss —epss 0.02
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.
- CVE-2022-30903Jun 14, 2022risk 0.00cvss —epss 0.01
Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.
- CVE-2021-35487May 25, 2022risk 0.00cvss —epss 0.01
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain…
- CVE-2021-45896Dec 27, 2021risk 0.00cvss —epss 0.02
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
- CVE-2021-30003Apr 2, 2021risk 0.00cvss —epss 0.01
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.
- CVE-2021-26596Mar 25, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a…
- CVE-2021-26597Mar 25, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction…
- CVE-2019-20769Apr 17, 2020risk 0.00cvss —epss 0.00
An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019).
- CVE-2020-10264Apr 6, 2020risk 0.00cvss —epss 0.01
CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally…
- CVE-2019-17406Nov 25, 2019risk 0.00cvss —epss 0.01
Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743
- CVE-2019-17405Nov 25, 2019risk 0.00cvss —epss 0.01
Nokia IMPACT < 18A: has Reflected self XSS
- CVE-2019-17404Nov 25, 2019risk 0.00cvss —epss 0.01
Nokia IMPACT < 18A: allows full path disclosure
- CVE-2019-17403Nov 25, 2019risk 0.00cvss —epss 0.03
Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution.
- CVE-2019-14698Aug 6, 2019risk 0.00cvss —epss 0.04
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account.
- CVE-2015-6929Sep 16, 2015risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to…
- CVE-2011-1472Mar 29, 2011risk 0.00cvss —epss 0.00
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.
- CVE-2010-3374Oct 4, 2010risk 0.00cvss —epss 0.00
Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
- CVE-2009-4975Aug 2, 2010risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.
- CVE-2009-2538Jul 20, 2009risk 0.00cvss —epss 0.03
The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
- CVE-2008-5827Jan 2, 2009risk 0.00cvss —epss 0.03
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.
- CVE-2008-5826Jan 2, 2009risk 0.00cvss —epss 0.02
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.
- CVE-2008-5825Jan 2, 2009risk 0.00cvss —epss 0.02
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to…
- CVE-2008-3552Aug 8, 2008risk 0.00cvss —epss 0.06
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of…
- CVE-2008-3553Aug 8, 2008risk 0.00cvss —epss 0.06
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is…
- CVE-2007-6371Dec 15, 2007risk 0.00cvss —epss 0.01
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session.
- CVE-2007-2591May 11, 2007risk 0.00cvss —epss 0.02
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account…
- CVE-2007-2592May 11, 2007risk 0.00cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML…
- CVE-2007-2590May 11, 2007risk 0.00cvss —epss 0.02
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1)…
- CVE-2007-0523Jan 26, 2007risk 0.00cvss —epss 0.01
The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
- CVE-2005-2716Aug 29, 2005risk 0.00cvss —epss 0.03
The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
- CVE-2004-0143Mar 3, 2004risk 0.00cvss —epss 0.03
Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows.
- CVE-2003-0368Feb 3, 2004risk 0.00cvss —epss 0.02
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.
- CVE-2003-1189Oct 29, 2003risk 0.00cvss —epss 0.02
Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.
- CVE-2003-0137Mar 18, 2003risk 0.00cvss —epss 0.01
SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.
- CVE-2003-0103Mar 7, 2003risk 0.00cvss —epss 0.02
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
- CVE-2001-1431Oct 8, 2001risk 0.00cvss —epss 0.01
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly…
- CVE-2001-0299Jun 2, 2001risk 0.00cvss —epss 0.02
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
Page 3 of 3