CVE-2014-2533 – ifwatchd - Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-2533
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
• https://www.exploit-db.com/exploits/45575
• https://www.exploit-db.com/exploits/32153
• http://seclists.org/bugtraq/2014/Mar/66
• http://seclists.org/bugtraq/2014/Mar/88
• http://seclists.org/fulldisclosure/2014/Mar/124
• http://seclists.org/fulldisclosure/2014/Mar/98
• http://www.exploit-db.com/exploits/32153
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-1467
https://notcve.org/view.php?id=CVE-2014-1467
BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file.
• http://www.blackberry.com/btsc/KB35647
• CWE-255: Credentials Management Errors
CVE-2013-6798
https://notcve.org/view.php?id=CVE-2013-6798
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694.
• http://www.blackberry.com/btsc/KB35315
• https://exchange.xforce.ibmcloud.com/vulnerabilities/89202
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-3694
https://notcve.org/view.php?id=CVE-2013-3694
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.
• http://blog.cmpxchg8b.com/2013/11/qnx.html
• http://www.blackberry.com/btsc/KB35315
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-3693
https://notcve.org/view.php?id=CVE-2013-3693
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.
• http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
• http://secunia.com/advisories/55187
• CWE-264: Permissions, Privileges, and Access Controls