Filtered by vendor Blackberry
Subscribe
Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3894 | 1 Blackberry | 2 Enterprise Service, Unified Endpoint Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. | |||||
| CVE-2017-3892 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. | |||||
| CVE-2017-9367 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2025-04-20 | 6.8 MEDIUM | 9.8 CRITICAL |
| A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request. | |||||
| CVE-2014-6611 | 1 Blackberry | 2 Blackberry Os, Blackberry World | 2025-04-12 | 4.3 MEDIUM | N/A |
| The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream. | |||||
| CVE-2016-3129 | 1 Blackberry | 1 Good Enterprise Mobility Server | 2025-04-12 | 8.5 HIGH | 6.6 MEDIUM |
| A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell. | |||||
| CVE-2016-1916 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen. | |||||
| CVE-2016-1918 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917. | |||||
| CVE-2014-2388 | 1 Blackberry | 5 Blackberry Os, Q10, Q5 and 2 more | 2025-04-12 | 6.1 MEDIUM | N/A |
| The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode. | |||||
| CVE-2016-3126 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-4111 | 1 Blackberry | 1 Blackberry Link | 2025-04-12 | 6.8 MEDIUM | N/A |
| mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. | |||||
| CVE-2015-4112 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue. | |||||
| CVE-2014-2533 | 1 Blackberry | 1 Qnx Neutrino Rtos | 2025-04-12 | 7.2 HIGH | N/A |
| /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. | |||||
| CVE-2014-2389 | 1 Blackberry | 2 Blackberry Os, Blackberry Z10 | 2025-04-12 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network. | |||||
| CVE-2014-2534 | 1 Blackberry | 1 Qnx Neutrino Rtos | 2025-04-12 | 4.9 MEDIUM | N/A |
| /sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow. | |||||
| CVE-2014-1469 | 1 Blackberry | 3 Blackberry Enterprise Service, Enterprise Server, Enterprise Server Express | 2025-04-12 | 4.9 MEDIUM | N/A |
| BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file. | |||||
| CVE-2016-1917 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918. | |||||
| CVE-2013-3693 | 1 Blackberry | 1 Blackberry Enterprise Service | 2025-04-11 | 7.9 HIGH | N/A |
| The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098. | |||||
| CVE-2014-1467 | 1 Blackberry | 4 Blackberry Enterprise Service, Blackberry Universal Device Service, Enterprise Server and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file. | |||||
| CVE-2013-3694 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2025-04-11 | 6.8 MEDIUM | N/A |
| BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding. | |||||
| CVE-2013-3692 | 1 Blackberry | 2 Blackberry Os, Z10 | 2025-04-11 | 6.2 MEDIUM | N/A |
| BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application. | |||||