Filtered by vendor Blackberry
Subscriptions
Total
72 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-9368 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2024-09-17 | N/A |
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files. | ||||
CVE-2013-2687 | 1 Blackberry | 3 Qnx Momentics Tool Suite, Qnx Neutrino Rtos, Qnx Software Development Platform | 2024-09-17 | N/A |
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868. | ||||
CVE-2017-17442 | 1 Blackberry | 1 Unified Endpoint Manager | 2024-09-17 | N/A |
In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link. | ||||
CVE-2013-3694 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2024-09-17 | N/A |
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding. | ||||
CVE-2017-3892 | 1 Blackberry | 1 Qnx Software Development Platform | 2024-09-17 | N/A |
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. | ||||
CVE-2017-9370 | 1 Blackberry | 1 Workspaces | 2024-09-17 | N/A |
An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server. | ||||
CVE-2018-8889 | 1 Blackberry | 1 Enterprise Mobility Server | 2024-09-17 | N/A |
A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account. | ||||
CVE-2017-3891 | 1 Blackberry | 1 Qnx Software Development Platform | 2024-09-16 | N/A |
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node. | ||||
CVE-2013-3693 | 1 Blackberry | 1 Blackberry Enterprise Service | 2024-09-16 | N/A |
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098. | ||||
CVE-2017-9371 | 1 Blackberry | 1 Qnx Software Development Platform | 2024-09-16 | N/A |
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation. | ||||
CVE-2019-9506 | 8 Apple, Blackberry, Canonical and 5 more | 280 Iphone Os, Mac Os X, Tvos and 277 more | 2024-09-16 | 8.1 High |
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. | ||||
CVE-2013-2688 | 1 Blackberry | 2 Qnx Neutrino Rtos, Qnx Software Development Platform | 2024-09-16 | N/A |
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file. | ||||
CVE-2017-3893 | 1 Blackberry | 1 Qnx Software Development Platform | 2024-09-16 | N/A |
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks. | ||||
CVE-2017-9369 | 1 Blackberry | 1 Qnx Software Development Platform | 2024-09-16 | N/A |
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader. | ||||
CVE-2017-9367 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2024-09-16 | N/A |
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request. | ||||
CVE-2018-8890 | 1 Blackberry | 1 Unified Endpoint Manager | 2024-09-16 | 7.5 High |
An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user. | ||||
CVE-2023-32701 | 1 Blackberry | 1 Qnx Software Development Platform | 2024-08-30 | 7.1 High |
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. | ||||
CVE-2024-35214 | 1 Blackberry | 1 Cylanceoptics | 2024-08-21 | N/A |
A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT. | ||||
CVE-2002-0793 | 1 Blackberry | 1 Qnx Neutrino Real-time Operating System | 2024-08-08 | 5.5 Medium |
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. | ||||
CVE-2008-3246 | 2 Blackberry, Rim | 7 Enterprise Server, Unite, Blackberry Enterprise Server and 4 more | 2024-08-07 | N/A |
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment. |