CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Nokia : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-2442 119 2 DoS Overflow 2012-07-25 2012-07-30
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.
2 CVE-2011-1472 287 Bypass 2011-03-29 2011-04-08
7.2
None Local Low Not required Complete Complete Complete
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.
3 CVE-2011-0498 119 1 DoS Exec Code Overflow 2011-01-20 2011-01-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file.
4 CVE-2010-3374 +Priv 2010-10-04 2010-10-05
6.9
None Local Medium Not required Complete Complete Complete
Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
5 CVE-2009-4975 79 XSS 2010-08-02 2010-08-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.
6 CVE-2009-2538 399 1 DoS 2009-07-20 2009-09-04
7.1
None Remote Medium Not required None None Complete
The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
7 CVE-2009-0734 119 Exec Code Overflow 2009-02-25 2009-02-25
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.
8 CVE-2009-0649 1 DoS 2009-02-20 2009-06-25
7.8
None Remote Low Not required None None Complete
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
9 CVE-2008-5827 16 Exec Code 2009-01-02 2009-03-18
7.5
User Remote Low Not required Partial Partial Partial
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.
10 CVE-2008-5826 20 DoS 2009-01-02 2009-03-18
7.8
None Remote Low Not required None None Complete
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.
11 CVE-2008-5825 59 2009-01-02 2009-03-18
2.6
None Remote High Not required None Partial None
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.
12 CVE-2008-3552 Exec Code 2008-08-08 2009-03-18
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
13 CVE-2007-6371 20 DoS 2007-12-14 2008-09-05
7.1
None Remote Medium Not required None None Complete
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session.
14 CVE-2007-2592 XSS 2007-05-11 2012-10-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
15 CVE-2007-2591 DoS 2007-05-11 2012-10-30
7.5
User Remote Low Not required Partial Partial Partial
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.
16 CVE-2007-2590 200 +Info 2007-05-11 2012-10-30
6.4
None Remote Low Not required Partial Partial None
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
17 CVE-2007-0523 20 DoS 2007-01-25 2010-07-02
3.3
None Local Network Low Not required None None Partial
The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
18 CVE-2006-4464 DoS 2006-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.
19 CVE-2006-0797 DoS Overflow 2006-02-19 2008-09-05
7.8
None Remote Low Not required None None Complete
Nokia N70 cell phone allows remote attackers to caues a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS).
20 CVE-2005-3093 DoS 2005-09-28 2008-09-05
5.0
None Remote Low Not required None None Partial
Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer.
21 CVE-2005-2716 Exec Code 2005-08-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
22 CVE-2005-2277 Exec Code 2005-07-15 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
23 CVE-2005-2250 Exec Code Overflow 2005-07-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.
24 CVE-2005-1801 DoS 2005-05-26 2008-09-10
2.6
None Remote High Not required None None Partial
The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.
25 CVE-2005-1294 +Priv 2005-04-24 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index.
26 CVE-2005-0681 DoS 2005-03-06 2013-08-29
5.0
None Remote Low Not required None None Partial
Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname.
27 CVE-2004-0143 DoS Overflow 2004-03-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows.
28 CVE-2003-1189 DoS 2003-10-29 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.
29 CVE-2003-0803 2003-10-06 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
30 CVE-2003-0802 2003-10-06 2008-09-10
5.0
None Remote Low Not required Partial None None
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).
31 CVE-2003-0801 79 XSS 2003-10-06 2008-09-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.
32 CVE-2003-0368 20 DoS 2004-02-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.
33 CVE-2003-0137 2003-03-18 2008-09-10
5.0
None Remote Low Not required Partial None None
SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.
34 CVE-2003-0103 DoS 2003-03-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
35 CVE-2001-1431 2001-10-08 2008-09-05
5.0
None Remote Low Not required Partial None None
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
36 CVE-2001-0299 DoS Exec Code Overflow 2001-06-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
Total number of vulnerabilities : 36   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.