Filtered by vendor Blackberry
Subscribe
Total
79 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8997 | 1 Blackberry | 1 Athoc | 2019-04-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. | |||||
| CVE-2018-8892 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. | |||||
| CVE-2018-8891 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | |||||
| CVE-2018-8888 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | |||||
| CVE-2018-8889 | 1 Blackberry | 1 Enterprise Mobility Server | 2018-12-04 | 4.7 MEDIUM | 4.7 MEDIUM |
| A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account. | |||||
| CVE-2014-2533 | 1 Blackberry | 1 Qnx Neutrino Rtos | 2018-10-11 | 7.2 HIGH | N/A |
| /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. | |||||
| CVE-2014-2388 | 1 Blackberry | 5 Blackberry Os, Q10, Q5 and 2 more | 2018-10-09 | 6.1 MEDIUM | N/A |
| The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode. | |||||
| CVE-2017-9371 | 1 Blackberry | 1 Qnx Software Development Platform | 2017-11-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation. | |||||
| CVE-2017-9369 | 1 Blackberry | 1 Qnx Software Development Platform | 2017-11-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader. | |||||
| CVE-2017-3893 | 1 Blackberry | 1 Qnx Software Development Platform | 2017-11-30 | 6.4 MEDIUM | 7.5 HIGH |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks. | |||||
| CVE-2017-3892 | 1 Blackberry | 1 Qnx Software Development Platform | 2017-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. | |||||
| CVE-2017-9367 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2017-11-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request. | |||||
| CVE-2017-9368 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2017-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files. | |||||
| CVE-2015-4111 | 1 Blackberry | 1 Blackberry Link | 2017-09-22 | 6.8 MEDIUM | N/A |
| mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. | |||||
| CVE-2016-1915 | 1 Blackberry | 1 Blackberry Enterprise Service | 2017-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. | |||||
| CVE-2016-1914 | 1 Blackberry | 1 Blackberry Enterprise Service | 2017-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. | |||||
| CVE-2014-1469 | 1 Blackberry | 3 Blackberry Enterprise Service, Enterprise Server, Enterprise Server Express | 2017-08-29 | 4.9 MEDIUM | N/A |
| BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file. | |||||
| CVE-2013-6798 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2017-08-29 | 5.8 MEDIUM | N/A |
| BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694. | |||||
| CVE-2013-3692 | 1 Blackberry | 2 Blackberry Os, Z10 | 2017-08-29 | 6.2 MEDIUM | N/A |
| BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application. | |||||
| CVE-2017-9370 | 1 Blackberry | 1 Workspaces | 2017-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server. | |||||