Vendor CVEs

Blackberry

All CVEs

97 total · sorted by risk
  • CVE-2017-9367 · Critical · Oct 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.

  • CVE-2017-3891 · Critical · Nov 14, 2017
    risk 0.63 · cvss 9.6 · epss 0.01

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take…

  • CVE-2016-1914 · High · Apr 13, 2017
    risk 0.61 · cvss 8.8 · epss 0.04

    Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2)…

  • CVE-2017-9370 · High · Aug 9, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.

  • CVE-2016-2433 · High · Apr 21, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.

  • CVE-2016-3130 · High · Jan 13, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements…

  • CVE-2016-3128 · High · Jan 13, 2017
    risk 0.53 · cvss 8.2 · epss 0.02

    A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific…

  • CVE-2026-7791 · High · May 4, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission…

  • CVE-2025-0501 · High · Jan 15, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle.

  • CVE-2017-9368 · High · Oct 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.

  • CVE-2016-3127 · High · Mar 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining…

  • CVE-2024-51721 · High · Nov 12, 2024
    risk 0.47 · cvss 7.3 · epss 0.00

    A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.

  • CVE-2024-35214 · High · Aug 20, 2024
    risk 0.46 · cvss · epss 0.00

    A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT.

  • CVE-2016-1915 · Medium · Apr 13, 2017
    risk 0.43 · cvss 6.1 · epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.

  • CVE-2016-3129 · Medium · Dec 16, 2016
    risk 0.43 · cvss 6.6 · epss 0.03

    A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands…

  • CVE-2024-51722 · Medium · Nov 12, 2024
    risk 0.42 · cvss 6.4 · epss 0.00

    A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to…

  • CVE-2017-17442 · Medium · Mar 13, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading…

  • CVE-2017-3894 · Medium · May 10, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious…

  • CVE-2017-3890 · Medium · Jan 13, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user…

  • CVE-2016-3126 · Medium · Apr 22, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2016-1918 · Medium · Apr 22, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.

  • CVE-2016-1917 · Medium · Apr 22, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918.

  • CVE-2002-0793 · Medium · Aug 12, 2002
    risk 0.39 · cvss 5.5 · epss 0.01

    Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample…

  • CVE-2016-1916 · Medium · Apr 22, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to…

  • CVE-2024-51720 · Medium · Nov 12, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number.

  • CVE-2018-8889 · Medium · Sep 19, 2018
    risk 0.31 · cvss 4.7 · epss 0.00

    A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.

  • CVE-2017-9369 · Low · Nov 14, 2017
    risk 0.25 · cvss 3.8 · epss 0.01

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by…

  • CVE-2017-3892 · Low · Nov 14, 2017
    risk 0.25 · cvss 3.8 · epss 0.01

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands…

  • CVE-2017-9371 · Low · Nov 14, 2017
    risk 0.17 · cvss 2.6 · epss 0.01

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical…

  • CVE-2017-3893 · Low · Nov 14, 2017
    risk 0.12 · cvss 1.9 · epss 0.01

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.

  • CVE-2014-2534 · Mar 18, 2014
    risk 0.03 · cvss · epss 0.01

    /sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.

  • CVE-2014-2533 · Mar 18, 2014
    risk 0.03 · cvss · epss 0.03

    /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.

  • CVE-2008-3024 · Jul 7, 2008
    risk 0.03 · cvss · epss 0.06

    Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.

  • CVE-2019-8997 · Mar 21, 2019
    risk 0.01 · cvss · epss 0.02

    An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering…

  • CVE-2013-2688 · Jul 12, 2013
    risk 0.01 · cvss · epss 0.07

    Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage…

  • CVE-2013-2687 · Jul 12, 2013
    risk 0.01 · cvss · epss 0.08

    Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash)…

  • CVE-2012-0870 · Feb 23, 2012
    risk 0.01 · cvss · epss 0.07

    Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a…

  • CVE-2008-3246 · Jul 21, 2008
    risk 0.01 · cvss · epss 0.07

    Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary…

  • CVE-2025-66547 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.

  • CVE-2025-12766 · Nov 19, 2025
    risk 0.00 · cvss · epss 0.00

    An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS).

  • CVE-2025-2474 · Jun 10, 2025
    risk 0.00 · cvss · epss 0.01

    Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.

  • CVE-2023-42404 · Apr 28, 2025
    risk 0.00 · cvss · epss 0.00

    OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution.

  • CVE-2024-48858 · Jan 14, 2025
    risk 0.00 · cvss · epss 0.01

    Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.

  • CVE-2024-48857 · Jan 14, 2025
    risk 0.00 · cvss · epss 0.00

    NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.

  • CVE-2024-48856 · Jan 14, 2025
    risk 0.00 · cvss · epss 0.01

    Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.

  • CVE-2024-48855 · Jan 14, 2025
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.

  • CVE-2024-48854 · Jan 14, 2025
    risk 0.00 · cvss · epss 0.00

    Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.

  • CVE-2024-51723 · Nov 25, 2024
    risk 0.00 · cvss · epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session.

  • CVE-2024-35215 · Oct 8, 2024
    risk 0.00 · cvss · epss 0.00

    NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.

  • CVE-2024-35213 · Jun 11, 2024
    risk 0.00 · cvss · epss 0.01

    An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process.
