VYPR

Vendor CVEs

Blackberry

All CVEs

97 total · sorted by risk
  • CVE-2024-2241 · Mar 7, 2024
    risk 0.00 · cvss · epss 0.00

    Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions

  • CVE-2023-32701 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.

  • CVE-2023-21520 · Sep 12, 2023
    risk 0.00 · cvss · epss 0.00

    A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization.

  • CVE-2023-21523 · Sep 12, 2023
    risk 0.00 · cvss · epss 0.00

    A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.

  • CVE-2023-21522 · Sep 12, 2023
    risk 0.00 · cvss · epss 0.00

    A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the…

  • CVE-2023-21521 · Sep 12, 2023
    risk 0.00 · cvss · epss 0.00

    An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on…

  • CVE-2021-32025 · Mar 9, 2022
    risk 0.00 · cvss · epss 0.00

    An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for…

  • CVE-2021-32024 · Dec 13, 2021
    risk 0.00 · cvss · epss 0.02

    A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.

  • CVE-2021-43637 · Dec 7, 2021
    risk 0.00 · cvss · epss 0.00

    Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O…

  • CVE-2021-32023 · Nov 10, 2021
    risk 0.00 · cvss · epss 0.00

    An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.

  • CVE-2021-32022 · Nov 10, 2021
    risk 0.00 · cvss · epss 0.00

    A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining…

  • CVE-2021-32021 · Nov 10, 2021
    risk 0.00 · cvss · epss 0.00

    A denial of service vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.

  • CVE-2021-22156 · Aug 17, 2021
    risk 0.00 · cvss · epss 0.02

    An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that…

  • CVE-2021-22154 · May 13, 2021
    risk 0.00 · cvss · epss 0.01

    An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history.

  • CVE-2021-22153 · May 13, 2021
    risk 0.00 · cvss · epss 0.01

    A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine…

  • CVE-2021-22152 · May 13, 2021
    risk 0.00 · cvss · epss 0.00

    A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.

  • CVE-2021-22155 · May 12, 2021
    risk 0.00 · cvss · epss 0.01

    An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s…

  • CVE-2020-6933 · Oct 14, 2020
    risk 0.00 · cvss · epss 0.00

    An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.

  • CVE-2020-6932 · Aug 12, 2020
    risk 0.00 · cvss · epss 0.04

    An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the…

  • CVE-2012-5828 · Feb 10, 2020
    risk 0.00 · cvss · epss 0.02

    BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error

  • CVE-2019-8998 · Jul 12, 2019
    risk 0.00 · cvss · epss 0.00

    An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized…

  • CVE-2019-8999 · Apr 18, 2019
    risk 0.00 · cvss · epss 0.01

    An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.

  • CVE-2018-8888 · Dec 20, 2018
    risk 0.00 · cvss · epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.

  • CVE-2018-8891 · Dec 20, 2018
    risk 0.00 · cvss · epss 0.01

    Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.

  • CVE-2018-8892 · Dec 20, 2018
    risk 0.00 · cvss · epss 0.00

    A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.

  • CVE-2018-8890 · Oct 12, 2018
    risk 0.00 · cvss · epss 0.01

    An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.

  • CVE-2015-4112 · Nov 19, 2015
    risk 0.00 · cvss · epss 0.01

    The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.

  • CVE-2015-4111 · Jul 20, 2015
    risk 0.00 · cvss · epss 0.04

    mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file.

  • CVE-2014-6611 · Oct 25, 2014
    risk 0.00 · cvss · epss 0.01

    The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof…

  • CVE-2014-2388 · Aug 18, 2014
    risk 0.00 · cvss · epss 0.01

    The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network…

  • CVE-2014-1469 · Aug 18, 2014
    risk 0.00 · cvss · epss 0.00

    BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file.

  • CVE-2014-2389 · Apr 12, 2014
    risk 0.00 · cvss · epss 0.06

    Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless…

  • CVE-2014-1467 · Feb 14, 2014
    risk 0.00 · cvss · epss 0.01

    BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6,…

  • CVE-2013-3694 · Nov 18, 2013
    risk 0.00 · cvss · epss 0.01

    BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving…

  • CVE-2013-6798 · Nov 18, 2013
    risk 0.00 · cvss · epss 0.02

    BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to…

  • CVE-2013-3693 · Oct 11, 2013
    risk 0.00 · cvss · epss 0.01

    The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to…

  • CVE-2013-3692 · Jul 13, 2013
    risk 0.00 · cvss · epss 0.00

    BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a…

  • CVE-2011-0291 · Dec 8, 2011
    risk 0.00 · cvss · epss 0.00

    The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain privileges via a crafted configuration file in a backup archive.

  • CVE-2011-0290 · Oct 21, 2011
    risk 0.00 · cvss · epss 0.02

    The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send…

  • CVE-2011-0287 · Jul 14, 2011
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause…

  • CVE-2010-2602 · Dec 17, 2010
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF…

  • CVE-2010-2601 · Oct 14, 2010
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted…

  • CVE-2010-2600 · Sep 15, 2010
    risk 0.00 · cvss · epss 0.05

    Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed…

  • CVE-2009-4778 · Apr 21, 2010
    risk 0.00 · cvss · epss 0.04

    Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers…

  • CVE-2009-3477 · Sep 29, 2009
    risk 0.00 · cvss · epss 0.01

    The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the…

  • CVE-2007-3483 · Jun 28, 2007
    risk 0.00 · cvss · epss 0.01

    Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.

  • CVE-2006-5489 · Oct 25, 2006
    risk 0.00 · cvss · epss 0.01

    Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application hang) via a deleted recurrent meeting instance when changing the attendee's…
