Filtered by vendor Blackberry
Subscribe
Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8998 | 1 Blackberry | 1 Qnx Software Development Platform | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space. | |||||
| CVE-2020-6932 | 1 Blackberry | 1 Qnx Software Development Platform | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server. | |||||
| CVE-2021-22152 | 1 Blackberry | 1 Unified Endpoint Management | 2021-05-21 | 2.1 LOW | 5.5 MEDIUM |
| A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections. | |||||
| CVE-2021-22153 | 1 Blackberry | 1 Unified Endpoint Management | 2021-05-21 | 6.0 MEDIUM | 7.3 HIGH |
| A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user. | |||||
| CVE-2017-3890 | 1 Blackberry | 2 Appliance-x, Workspaces Vapp | 2021-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. | |||||
| CVE-2008-3024 | 1 Blackberry | 1 Qnx Momentics | 2020-11-20 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/. | |||||
| CVE-2020-6933 | 1 Blackberry | 1 Unified Endpoint Manager | 2020-10-29 | 2.1 LOW | 5.5 MEDIUM |
| An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service. | |||||
| CVE-2018-8890 | 1 Blackberry | 1 Unified Endpoint Manager | 2020-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user. | |||||
| CVE-2012-5828 | 1 Blackberry | 2 Playbook, Playbook Firmware | 2020-02-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error | |||||
| CVE-2017-3891 | 1 Blackberry | 1 Qnx Software Development Platform | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node. | |||||
| CVE-2019-8999 | 1 Blackberry | 1 Unified Endpoint Management | 2019-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account. | |||||
| CVE-2019-8997 | 1 Blackberry | 1 Athoc | 2019-04-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. | |||||
| CVE-2018-8892 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. | |||||
| CVE-2018-8888 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | |||||
| CVE-2018-8891 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | |||||
| CVE-2018-8889 | 1 Blackberry | 1 Enterprise Mobility Server | 2018-12-04 | 4.7 MEDIUM | 4.7 MEDIUM |
| A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account. | |||||
| CVE-2014-2533 | 1 Blackberry | 1 Qnx Neutrino Rtos | 2018-10-11 | 7.2 HIGH | N/A |
| /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. | |||||
| CVE-2014-2388 | 1 Blackberry | 5 Blackberry Os, Q10, Q5 and 2 more | 2018-10-09 | 6.1 MEDIUM | N/A |
| The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode. | |||||
| CVE-2017-9371 | 1 Blackberry | 1 Qnx Software Development Platform | 2017-11-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation. | |||||
| CVE-2017-9369 | 1 Blackberry | 1 Qnx Software Development Platform | 2017-11-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader. | |||||