Filtered by vendor Nokia
Subscribe
Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36222 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | N/A | 8.4 HIGH |
| Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | |||||
| CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | N/A | 6.5 MEDIUM |
| Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | |||||
| CVE-2015-6929 | 1 Nokia | 1 \@vantage Commander | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to cftraces/filter/fl_copy.jsp; the (3) flName parameter to cftraces/filter/fl_crea1.jsp; the (4) serchStatus, (5) refreshTime, or (6) serchNode parameter to cftraces/process/pr_show_process.jsp; the (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, or (11) serchSessionkind parameter to cftraces/session/se_crea.jsp; the (12) serchSessionDescription parameter to cftraces/session/se_show.jsp; the (13) serchApplication or (14) serchApplicationkind parameter to cftraces/session/tr_crea_filter.jsp; the (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, or (26) component parameter to cftraces/session/tr_create_tagg_para.jsp; or the (27) userid parameter to home/certificate_association.jsp. | |||||
| CVE-2012-2442 | 1 Nokia | 1 Pc Suite | 2025-04-11 | 4.3 MEDIUM | N/A |
| Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. | |||||
| CVE-2010-4549 | 2 Ibm, Nokia | 2 Lotus Notes Traveler, S60 | 2025-04-11 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. | |||||
| CVE-2011-1472 | 1 Nokia | 2 E75, E75 Firmware | 2025-04-11 | 7.2 HIGH | N/A |
| The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. | |||||
| CVE-2011-0498 | 1 Nokia | 1 Multimedia Player | 2025-04-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file. | |||||
| CVE-2009-4975 | 1 Nokia | 1 Qtdemobrowser | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | |||||
| CVE-2010-3374 | 1 Nokia | 1 Qt Creator | 2025-04-11 | 6.9 MEDIUM | N/A |
| Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2007-0523 | 1 Nokia | 1 N70 | 2025-04-09 | 3.3 LOW | N/A |
| The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||||
| CVE-2009-0734 | 1 Nokia | 1 Nokia Pc Suite | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file. | |||||
| CVE-2007-2591 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2025-04-09 | 7.5 HIGH | N/A |
| usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action. | |||||
| CVE-2008-3552 | 1 Nokia | 1 Series 40 | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-6371 | 1 Nokia | 1 N95 | 2025-04-09 | 7.1 HIGH | N/A |
| Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session. | |||||
| CVE-2008-5827 | 1 Nokia | 1 6131 Nfc | 2025-04-09 | 7.5 HIGH | N/A |
| The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag. | |||||
| CVE-2008-4135 | 2 Nokia, S60 | 3 E90 Communicator, N82, Symbian Os | 2025-04-09 | 7.8 HIGH | N/A |
| Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames. | |||||
| CVE-2009-0649 | 1 Nokia | 2 N95, Symbian S60 Browser | 2025-04-09 | 7.8 HIGH | N/A |
| The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method. | |||||
| CVE-2007-2592 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. | |||||
| CVE-2008-5825 | 1 Nokia | 1 6131 Nfc | 2025-04-09 | 2.6 LOW | N/A |
| The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone. | |||||
| CVE-2007-2590 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2025-04-09 | 6.4 MEDIUM | N/A |
| Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. | |||||