CVSS: 4.3EPSS: 2%CPEs: 13EXPL: 0CVE-2010-2599
https://notcve.org/view.php?id=CVE-2010-2599
Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. Vulnerabilidad no especificada en BlackBerry Device Software anterior a v6.0.0 de Research In Motion (RIM) permite a atacantes remotos provocar una denegación de servicio (navegador se bloquea) a través de una página web manipulada. • http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html http://osvdb.org/70404 http://www.blackberry.com/btsc/KB24841 http://www.securityfocus.com/archive/1/515860/100/0/threaded http://www.securityfocus.com/bid/45754 http://www.securitytracker.com/id?1024952 http://www.vupen.com/english/advisories/2011/0082 https://exchange.xforce.ibmcloud.com/vulnerabilities/64622 •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2010-2603
https://notcve.org/view.php?id=CVE-2010-2603
RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. RIM BlackBerry Desktop Software v4.7 hasta v6.0 para PC, y v1.0 para Mac, utiliza una contraseña débil para cifrar un archivo de copia de seguridad de la base de datos, lo que hace que sea más fácil para los usuarios locales descifrar el archivo a través de un ataque de fuerza bruta. • http://secunia.com/advisories/42657 http://secunia.com/advisories/42661 http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24764 http://www.securityfocus.com/bid/45434 http://www.securitytracker.com/id?1024908 • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 1CVE-2010-3934
https://notcve.org/view.php?id=CVE-2010-3934
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information. El navegador en Research In Motion (RIM) BlackBerry Device Software v5.0.0.593 Platform v5.1.0.147 en la BlackBerry 9700 no restringe correctamente la ejecución de dominio cruzado de JavaScript, lo cual permite a los atacantes remotos evitar la "Same Origin Policy" a través de vectores relacionados con una llamada a window.open y un elemento IFRAME. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt http://secunia.com/advisories/41536 http://securitytracker.com/id?1024506 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 17EXPL: 0CVE-2010-2601
https://notcve.org/view.php?id=CVE-2010-2601
Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. Múltiples desbordamientos de búfer en PDF distiller en el componente Attachment Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) software v4.1.7 and earlier y v5.0.0 hasta v5.0.2, y BlackBerry Professional Software v4.1.4 and earlier, permite a atacantse asistidos por usuarios remotos causar una denegacion de servicio y probablemente ejecutar código de su elección a través de un documento PDF manipulado. • http://blackberry.com/btsc/KB24547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3741
https://notcve.org/view.php?id=CVE-2010-3741
The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. El mecanismo de copia de seguridad offline de Research In Motion (RIM) BlackBerry Desktop Software utiliza PBKDF2 de una sola iteración, lo que facilita a los usuarios locales a la hora de descifrar un archivo .ipd a través de un ataque de fuerza bruta. • http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords http://it.slashdot.org/story/10/10/01/166226 http://twitter.com/elcomsoft/statuses/25954970586 http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7360 • CWE-310: Cryptographic Issues •