Filtered by vendor Blackberry
Subscribe
Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1469 | 1 Blackberry | 3 Blackberry Enterprise Service, Enterprise Server, Enterprise Server Express | 2025-04-12 | 4.9 MEDIUM | N/A |
|
BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file.
|
|||||
| CVE-2015-4111 | 1 Blackberry | 1 Blackberry Link | 2025-04-12 | 6.8 MEDIUM | N/A |
|
mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file.
|
|||||
| CVE-2014-2533 | 1 Blackberry | 1 Qnx Neutrino Rtos | 2025-04-12 | 7.2 HIGH | N/A |
|
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
|
|||||
| CVE-2014-6611 | 1 Blackberry | 2 Blackberry Os, Blackberry World | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.
|
|||||
| CVE-2016-3129 | 1 Blackberry | 1 Good Enterprise Mobility Server | 2025-04-12 | 8.5 HIGH | 6.6 MEDIUM |
|
A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.
|
|||||
| CVE-2014-2389 | 1 Blackberry | 2 Blackberry Os, Blackberry Z10 | 2025-04-12 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network.
|
|||||
| CVE-2016-1918 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.
|
|||||
| CVE-2016-3126 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2014-2534 | 1 Blackberry | 1 Qnx Neutrino Rtos | 2025-04-12 | 4.9 MEDIUM | N/A |
|
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
|
|||||
| CVE-2015-4112 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.
|
|||||
| CVE-2013-3693 | 1 Blackberry | 1 Blackberry Enterprise Service | 2025-04-11 | 7.9 HIGH | N/A |
|
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.
|
|||||
| CVE-2013-2688 | 1 Blackberry | 2 Qnx Neutrino Rtos, Qnx Software Development Platform | 2025-04-11 | 5.4 MEDIUM | N/A |
|
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
|
|||||
| CVE-2011-0291 | 1 Blackberry | 1 Blackberry Tablet Os | 2025-04-11 | 7.2 HIGH | N/A |
|
The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain privileges via a crafted configuration file in a backup archive.
|
|||||
| CVE-2013-3692 | 1 Blackberry | 2 Blackberry Os, Z10 | 2025-04-11 | 6.2 MEDIUM | N/A |
|
BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application.
|
|||||
| CVE-2013-2687 | 1 Blackberry | 3 Qnx Momentics Tool Suite, Qnx Neutrino Rtos, Qnx Software Development Platform | 2025-04-11 | 7.8 HIGH | N/A |
|
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
|
|||||
| CVE-2013-3694 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2025-04-11 | 6.8 MEDIUM | N/A |
|
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.
|
|||||
| CVE-2013-6798 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2025-04-11 | 5.8 MEDIUM | N/A |
|
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694.
|
|||||
| CVE-2014-1467 | 1 Blackberry | 4 Blackberry Enterprise Service, Blackberry Universal Device Service, Enterprise Server and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file.
|
|||||
| CVE-2008-3024 | 1 Blackberry | 1 Qnx Momentics | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.
|
|||||
| CVE-2008-3246 | 2 Blackberry, Rim | 7 Enterprise Server, Unite, Blackberry Enterprise Server and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.
|
|||||
| CVE-2002-0793 | 1 Blackberry | 1 Qnx Neutrino Real-time Operating System | 2025-04-03 | 4.6 MEDIUM | 5.5 MEDIUM |
|
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
|
|||||
| CVE-2024-48855 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-01-21 | N/A | 5.3 MEDIUM |
|
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
|
|||||
| CVE-2024-48854 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-01-21 | N/A | 5.3 MEDIUM |
|
Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
|
|||||
| CVE-2024-48856 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-01-21 | N/A | 9.8 CRITICAL |
|
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
|
|||||
| CVE-2024-48857 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-01-21 | N/A | 7.5 HIGH |
|
NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
|
|||||
| CVE-2023-21523 | 1 Blackberry | 1 Athoc | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.
|
|||||
| CVE-2023-21522 | 1 Blackberry | 1 Athoc | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.
|
|||||
| CVE-2023-21521 | 1 Blackberry | 1 Athoc | 2024-11-21 | N/A | 7.2 HIGH |
|
An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
|
|||||
| CVE-2023-21520 | 1 Blackberry | 1 Athoc | 2024-11-21 | N/A | 5.3 MEDIUM |
|
A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization.
|
|||||
| CVE-2021-32023 | 1 Blackberry | 1 Protect | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.
|
|||||
| CVE-2021-32022 | 1 Blackberry | 1 Protect | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete data from the local system.
|
|||||
| CVE-2021-32021 | 1 Blackberry | 1 Protect | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A denial of service vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.
|
|||||
| CVE-2021-22155 | 1 Blackberry | 1 Workspaces Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account.
|
|||||
| CVE-2021-22154 | 1 Blackberry | 1 Unified Endpoint Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history.
|
|||||
| CVE-2021-22153 | 1 Blackberry | 1 Unified Endpoint Management | 2024-11-21 | 6.0 MEDIUM | 7.3 HIGH |
|
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user.
|
|||||
| CVE-2021-22152 | 1 Blackberry | 1 Unified Endpoint Management | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.
|
|||||
| CVE-2020-6933 | 1 Blackberry | 1 Unified Endpoint Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.
|
|||||
| CVE-2020-36486 | 4 Apple, Blackberry, Google and 1 more | 4 Iphone Os, Blackberry Os, Android and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.
|
|||||
| CVE-2019-9506 | 8 Apple, Blackberry, Canonical and 5 more | 274 Iphone Os, Mac Os X, Tvos and 271 more | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
|
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
|
|||||
| CVE-2019-8999 | 1 Blackberry | 1 Unified Endpoint Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.
|
|||||