CVSS: 10.0EPSS: 11%CPEs: 3EXPL: 0CVE-2008-3553
https://notcve.org/view.php?id=CVE-2008-3553
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Múltiples vulnerabilidades no especificadas en dispositivos Nokia Series 40 3rd edition permiten a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, posiblemente relacionado con privilegios de escalado MIDP y la persistencia MIDlets, también conocido como "CUESTIONES 3-10". NOTA:a fecha 07/08/2008, la única revelación es un vago preaviso sin información de uso inmediato. • http://www.security-explorations.com/n2press.htm http://www.security-explorations.com/n2srp.htm http://www.security-explorations.com/n2vendors.htm http://www.security-explorations.com/report_toc.pdf http://www.securityfocus.com/archive/1/495224/100/0/threaded http://www.securityfocus.com/bid/30591 http://www.securityfocus.com/bid/30592 https://exchange.xforce.ibmcloud.com/vulnerabilities/44437 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 12%CPEs: 1EXPL: 0CVE-2008-3552
https://notcve.org/view.php?id=CVE-2008-3552
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Múltiples vulnerabilidades no especificadas en dispositivos Series 40 3rd edition FP1 de Nokia, y posiblemente dispositivos posteriores, permiten a los atacantes remotos ejecutar código arbitrario por medio de vectores desconocidos, probablemente relacionados con la escalada de privilegios MIDP y MIDlets persistentes, también se conoce como "ISSUES 11-15". NOTA: a partir de 20080807, la única divulgación es un pre-aviso vago sin información procesable. • http://www.security-explorations.com/n2press.htm http://www.security-explorations.com/n2srp.htm http://www.security-explorations.com/n2vendors.htm http://www.security-explorations.com/report_toc.pdf http://www.securityfocus.com/archive/1/495224/100/0/threaded http://www.securityfocus.com/bid/30591 http://www.securityfocus.com/bid/30592 https://exchange.xforce.ibmcloud.com/vulnerabilities/44438 •
CVSS: 7.1EPSS: 1%CPEs: 1EXPL: 2CVE-2007-6371
https://notcve.org/view.php?id=CVE-2007-6371
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session. El teléfono móvil Nokia N95, con firmware RM-159 12.0.013, permite que atacantes remotos provoquen una denegación de servicio (inoperabilidad del dispositivo) a través de un mensaje SIP INVITE, acompañado de un posterior SIP CANCEL, seguido a su vez de un segundo SIP INVITE en una sesión diferente. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058839.html http://www.securityfocus.com/bid/26726 http://www.vupen.com/english/advisories/2007/4113 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 1%CPEs: 5EXPL: 1CVE-2007-2590
https://notcve.org/view.php?id=CVE-2007-2590
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y 6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express, permite a atacantes remotos obtener nombres de usuario y otra información sensible mediante una petición directa al (1) usrmgr/userList.asp o (2) al usrmgr/userStatusList.asp. • http://osvdb.org/34514 http://secunia.com/advisories/25212 http://securityreason.com/securityalert/2689 http://www.sec-consult.com/289.html http://www.securityfocus.com/archive/1/468048/100/0/threaded http://www.vupen.com/english/advisories/2007/1727 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2007-2591
https://notcve.org/view.php?id=CVE-2007-2591
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action. El usrmgr/userList.asp en el Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y 6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express, permite a atacantes remotos modificar detalles de la cuenta del usuario y causar una denegación de servicio (desactivación de la cuenta) a través del parámetro userid en una acción de la actualización. • http://osvdb.org/34513 http://secunia.com/advisories/25212 http://securityreason.com/securityalert/2689 http://www.sec-consult.com/289.html http://www.securityfocus.com/archive/1/468048/100/0/threaded http://www.vupen.com/english/advisories/2007/1727 •