CVSS: 7.8EPSS: 6%CPEs: 2EXPL: 2CVE-2009-0649 – Nokia N95-8 browser - 'setAttributeNode' Method Crash
https://notcve.org/view.php?id=CVE-2009-0649
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method. El navegador web en Symbian OS en el telefono movil Nokia N95 permite a atacantes remotos producir una denegacion de servicio (caida) a traves de codigo JavaScript que llama al metodo setAttributeNode. • https://www.exploit-db.com/exploits/8051 http://www.securityfocus.com/archive/1/500954/100/0/threaded http://www.securityfocus.com/bid/33767 https://exchange.xforce.ibmcloud.com/vulnerabilities/48763 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2008-5827
https://notcve.org/view.php?id=CVE-2008-5827
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag. El teléfono Nokia 6131 Near Field Communication (NFC) con firmware v05.12 instala software una vez termina de descargar un fichero con extensión .JAR, lo que produce una forma sencilla para que los atacantes remotos ejecuten código arbitrario a través de un registro URI manipulado en la una etiqueta NDEF. • http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/44528 • CWE-16: Configuration •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 4CVE-2008-5826
https://notcve.org/view.php?id=CVE-2008-5826
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI. El teléfono Nokia 6131 Near Field Communication (NFC) con firmware v05.12 permite a atacantes remotos provocar una denegación de servicio (caída del sistema) a través de (1) un valor grande en el campo longitud de un registro NDEF, or por una cierta longitud en la URI del registro NDEF en el campo (2) teléfono o (3) SMS. • http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf http://www.mullin • CWE-20: Improper Input Validation •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 2CVE-2008-5825
https://notcve.org/view.php?id=CVE-2008-5825
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone. La implementación del teléfono Nokia 6131 Near Field Communication (NFC) con firmware v05.12 no muestra de forma adecuada el registro URI cuando el registro Title contiene una combinación precisa de los caracteres: espacios, CR (también conocidos como \r), y . (punto), lo que permite a atacantes remotos engañar al usuario a cargar una URI de su elección a través de una etiqueta NDEF manipulada, como se demostró en (1) http: URI para sitio web malicioso, (2) un teléfono: URI para un número de teléfono de tasa premium y (3) un SMS: URI que produce una compra de un tono para el móvil. • http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf http://www.mullin • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 10%CPEs: 3EXPL: 1CVE-2008-4135 – Nokia e90/n82 (s60v3) - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-4135
Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames. Symbian OS S60 3rd edition en el Nokia E90 Communicator y en el Nseries N82 permite a atacantes remotos provocar una denegación de servicio (device crash) a través de múltiples marcos (frames) de desautenticación (DeAuth). • https://www.exploit-db.com/exploits/6459 http://secunia.com/advisories/31857 http://securityreason.com/securityalert/4278 http://www.securityfocus.com/bid/31175 http://www.vupen.com/english/advisories/2008/2599 https://exchange.xforce.ibmcloud.com/vulnerabilities/45158 • CWE-399: Resource Management Errors •