CVE-2024-51722 – Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
https://notcve.org/view.php?id=CVE-2024-51722
A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands. • https://support.blackberry.com/pkb/s/article/140220 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-51721 – Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
https://notcve.org/view.php?id=CVE-2024-51721
A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege. • https://support.blackberry.com/pkb/s/article/140220 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-51720 – Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
https://notcve.org/view.php?id=CVE-2024-51720
An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number. • https://support.blackberry.com/pkb/s/article/140220 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2023-32701 – Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)
https://notcve.org/view.php?id=CVE-2023-32701
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. Una validación de entrada inadecuada en Networking Stack de QNX SDP versiones 6.6, 7.0 y 7.1 podría permitir que un atacante cause potencialmente la divulgación de información o una condición de denegación de servicio. • https://support.blackberry.com/kb/articleDetail?articleNumber=000112401 • CWE-20: Improper Input Validation •
CVE-2023-21520
https://notcve.org/view.php?id=CVE-2023-21520
A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization. Una Enumeración de PII mediante Recuperación de Credenciales en el Autoservicio (Recuperación de Credenciales) de BlackBerry AtHoc versión 7.15 podría permitir a un atacante asociar potencialmente una lista de detalles de contacto con una organización AtHoc IWS. • https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406 •