Filtered by vendor Nokia
Subscribe
Total
124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0803 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 7.5 HIGH | N/A |
| Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user. | |||||
| CVE-2005-2716 | 1 Nokia | 1 Affix | 2025-04-03 | 7.5 HIGH | N/A |
| The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name. | |||||
| CVE-2003-0137 | 1 Nokia | 1 Sgsn Dx200 | 2025-04-03 | 5.0 MEDIUM | N/A |
| SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings. | |||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | |||||
| CVE-2001-0299 | 1 Nokia | 1 Ip440 Firewall Vpn Appliance | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. | |||||
| CVE-2005-1294 | 1 Nokia | 1 Affix | 2025-04-03 | 7.2 HIGH | N/A |
| The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index. | |||||
| CVE-2003-0103 | 1 Nokia | 1 6210 Handset | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. | |||||
| CVE-2003-0801 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. | |||||
| CVE-2006-0797 | 1 Nokia | 1 N70 | 2025-04-03 | 7.8 HIGH | N/A |
| Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS). | |||||
| CVE-2005-3093 | 1 Nokia | 2 3210, 7610 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer. | |||||
| CVE-2005-1801 | 1 Nokia | 1 9500 | 2025-04-03 | 2.6 LOW | N/A |
| The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it. | |||||
| CVE-2003-0368 | 1 Nokia | 1 Ggsn | 2025-04-03 | 5.0 MEDIUM | N/A |
| Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option. | |||||
| CVE-2006-4464 | 1 Nokia | 1 Symbian | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string. | |||||
| CVE-2005-0681 | 1 Nokia | 1 Series | 2025-04-03 | 5.0 MEDIUM | N/A |
| Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname. | |||||
| CVE-2003-1189 | 1 Nokia | 1 Ipso | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
| CVE-2023-26061 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.8 MEDIUM |
| An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | |||||
| CVE-2023-26060 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.8 MEDIUM |
| An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | |||||
| CVE-2023-26059 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.8 MEDIUM |
| An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user. | |||||
| CVE-2023-26058 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.5 MEDIUM |
| An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | |||||
| CVE-2023-26057 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.5 MEDIUM |
| An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | |||||