Filtered by vendor Nokia
Subscribe
Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2277 | 1 Nokia | 1 Affix | 2025-04-03 | 10.0 HIGH | N/A |
| Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | |||||
| CVE-2001-1431 | 2 Checkpoint, Nokia | 3 Firewall-1, Vpn-1, Firewall Appliance | 2025-04-03 | 5.0 MEDIUM | N/A |
| Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information. | |||||
| CVE-2004-0143 | 1 Nokia | 1 6310i | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows. | |||||
| CVE-2003-0803 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 7.5 HIGH | N/A |
| Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user. | |||||
| CVE-2005-2716 | 1 Nokia | 1 Affix | 2025-04-03 | 7.5 HIGH | N/A |
| The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name. | |||||
| CVE-2003-0137 | 1 Nokia | 1 Sgsn Dx200 | 2025-04-03 | 5.0 MEDIUM | N/A |
| SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings. | |||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | |||||
| CVE-2001-0299 | 1 Nokia | 1 Ip440 Firewall Vpn Appliance | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. | |||||
| CVE-2005-1294 | 1 Nokia | 1 Affix | 2025-04-03 | 7.2 HIGH | N/A |
| The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index. | |||||
| CVE-2003-0103 | 1 Nokia | 1 6210 Handset | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. | |||||
| CVE-2003-0801 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. | |||||
| CVE-2006-0797 | 1 Nokia | 1 N70 | 2025-04-03 | 7.8 HIGH | N/A |
| Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS). | |||||
| CVE-2005-3093 | 1 Nokia | 2 3210, 7610 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer. | |||||
| CVE-2005-1801 | 1 Nokia | 1 9500 | 2025-04-03 | 2.6 LOW | N/A |
| The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it. | |||||
| CVE-2003-0368 | 1 Nokia | 1 Ggsn | 2025-04-03 | 5.0 MEDIUM | N/A |
| Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option. | |||||
| CVE-2006-4464 | 1 Nokia | 1 Symbian | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string. | |||||
| CVE-2005-0681 | 1 Nokia | 1 Series | 2025-04-03 | 5.0 MEDIUM | N/A |
| Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname. | |||||
| CVE-2003-1189 | 1 Nokia | 1 Ipso | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
| CVE-2023-26061 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.8 MEDIUM |
| An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | |||||
| CVE-2023-26060 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.8 MEDIUM |
| An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | |||||