VYPR
Vendor

Blackberry

Products
48
CVEs
97
Across products
123
Status
Private

Products

48
View all 48 products →

Recent CVEs

97
View all 97 CVEs →
  • CVE-2017-9367CriOct 16, 2017
    risk 0.64cvss 9.8epss 0.02

    A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.

  • CVE-2017-3891CriNov 14, 2017
    risk 0.63cvss 9.6epss 0.01

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take…

  • CVE-2016-1914HigApr 13, 2017
    risk 0.61cvss 8.8epss 0.04

    Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2)…

  • CVE-2017-9370HigAug 9, 2017
    risk 0.57cvss 8.8epss 0.01

    An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.

  • CVE-2016-2433HigApr 21, 2017
    risk 0.57cvss 8.8epss 0.01

    The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.

  • CVE-2016-3130HigJan 13, 2017
    risk 0.53cvss 8.1epss 0.02

    An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements…

  • CVE-2016-3128HigJan 13, 2017
    risk 0.53cvss 8.2epss 0.02

    A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific…

  • CVE-2026-7791HigMay 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission…

  • CVE-2025-0501HigJan 15, 2025
    risk 0.49cvss 7.5epss 0.00

    An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle.

  • CVE-2017-9368HigOct 16, 2017
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.

  • CVE-2016-3127HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining…

  • CVE-2024-51721HigNov 12, 2024
    risk 0.47cvss 7.3epss 0.00

    A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.

  • CVE-2024-35214HigAug 20, 2024
    risk 0.46cvss epss 0.00

    A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT.

  • CVE-2016-1915MedApr 13, 2017
    risk 0.43cvss 6.1epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.

  • CVE-2016-3129MedDec 16, 2016
    risk 0.43cvss 6.6epss 0.03

    A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands…

  • CVE-2024-51722MedNov 12, 2024
    risk 0.42cvss 6.4epss 0.00

    A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to…

  • CVE-2017-17442MedMar 13, 2018
    risk 0.40cvss 6.1epss 0.01

    In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading…

  • CVE-2017-3894MedMay 10, 2017
    risk 0.40cvss 6.1epss 0.01

    A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious…

  • CVE-2017-3890MedJan 13, 2017
    risk 0.40cvss 6.1epss 0.01

    A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user…

  • CVE-2016-3126MedApr 22, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.