Filtered by vendor Nokia
Subscriptions
Total
142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0681 | 1 Nokia | 1 Series | 2025-04-03 | N/A |
| Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname. | ||||
| CVE-2003-0137 | 1 Nokia | 1 Sgsn Dx200 | 2025-04-03 | N/A |
| SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings. | ||||
| CVE-2006-0797 | 1 Nokia | 1 N70 | 2025-04-03 | N/A |
| Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS). | ||||
| CVE-2005-3093 | 1 Nokia | 2 3210, 7610 | 2025-04-03 | N/A |
| Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer. | ||||
| CVE-2005-2716 | 1 Nokia | 1 Affix | 2025-04-03 | N/A |
| The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name. | ||||
| CVE-2005-2277 | 1 Nokia | 1 Affix | 2025-04-03 | N/A |
| Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | ||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2025-04-03 | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | ||||
| CVE-2005-1294 | 1 Nokia | 1 Affix | 2025-04-03 | N/A |
| The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index. | ||||
| CVE-2003-0801 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. | ||||
| CVE-2003-0802 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | N/A |
| Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot). | ||||
| CVE-2003-0103 | 1 Nokia | 1 6210 Handset | 2025-04-03 | N/A |
| Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. | ||||
| CVE-2001-0299 | 1 Nokia | 1 Ip440 Firewall Vpn Appliance | 2025-04-03 | N/A |
| Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. | ||||
| CVE-2023-26061 | 1 Nokia | 1 Netact | 2025-02-04 | 6.8 Medium |
| An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | ||||
| CVE-2023-26060 | 1 Nokia | 1 Netact | 2025-02-04 | 6.8 Medium |
| An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | ||||
| CVE-2023-26059 | 1 Nokia | 1 Netact | 2025-02-04 | 6.8 Medium |
| An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user. | ||||
| CVE-2023-26058 | 1 Nokia | 1 Netact | 2025-02-04 | 6.5 Medium |
| An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | ||||
| CVE-2023-26057 | 1 Nokia | 1 Netact | 2025-02-04 | 6.5 Medium |
| An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | ||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2025-02-03 | 7.8 High |
| Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | ||||
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2025-01-30 | 8.8 High |
| In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | ||||
| CVE-2022-2482 | 1 Nokia | 4 Asik Airscale 474021a.101, Asik Airscale 474021a.101 Firmware, Asik Airscale 474021a.102 and 1 more | 2025-01-16 | 8.4 High |
| A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader. | ||||