CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-35214 – Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows
https://notcve.org/view.php?id=CVE-2024-35214
20 Aug 2024 — A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT. BlackBerry CylanceOPTICS versions prior to 3.3 MR2 and 3.2 MR5 suffer from an uninstall password bypass vulnerability. • https://packetstorm.news/files/id/181909 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35213 – Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)
https://notcve.org/view.php?id=CVE-2024-35213
11 Jun 2024 — An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process. Una vulnerabilidad de validación de entrada incorrecta en el códec de imágenes SGI de las versiones 6.6, 7.0 y 7.1 de QNX SDP podría permitir que un atacante cause potencialmente una condición de denegación de servicio o ejecute código en el contexto del proceso de p... • https://support.blackberry.com/pkb/s/article/139914 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32701 – Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)
https://notcve.org/view.php?id=CVE-2023-32701
14 Nov 2023 — Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. Una validación de entrada inadecuada en Networking Stack de QNX SDP versiones 6.6, 7.0 y 7.1 podría permitir que un atacante cause potencialmente la divulgación de información o una condición de denegación de servicio. • https://support.blackberry.com/kb/articleDetail?articleNumber=000112401 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21520
https://notcve.org/view.php?id=CVE-2023-21520
12 Sep 2023 — A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization. Una Enumeración de PII mediante Recuperación de Credenciales en el Autoservicio (Recuperación de Credenciales) de BlackBerry AtHoc versión 7.15 podría permitir a un atacante asociar potencialmente una lista de detalles de contacto con una organización AtHoc IWS. A PII Enumeration via Cre... • https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21523
https://notcve.org/view.php?id=CVE-2023-21523
12 Sep 2023 — A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account. Una vulnerabilidad de Cross-site Scripting (XSS) almacenado en la Consola de Administración (Administración de Usuarios y Alertas) de BlackBerry AtHoc versión 7.15 podría permitir a un atacante ejecutar comandos de script en el contexto de la cuenta de usuario afectada. • https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21522
https://notcve.org/view.php?id=CVE-2023-21522
12 Sep 2023 — A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account. Una vulnerabilidad de Cross-site Scripting (XSS) Reflejada en la Consola de Administración (informes) de BlackBerry AtHoc versión 7.15 podría permitir a un atacante controlar potencialmente el script que se eje... • https://support.blackberry.com/kb/articleDetail?articleNumber=000112406 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21521
https://notcve.org/view.php?id=CVE-2023-21521
12 Sep 2023 — An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. ¿Una vulnerabilidad de inyección SQL en la Consola de Administración? (Operator Audit Trail) de Bla... • https://support.blackberry.com/kb/articleDetail?articleNumber=000112406 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-32025
https://notcve.org/view.php?id=CVE-2021-32025
09 Mar 2022 — An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system. Una vulnerabilidad de elevación de privilegios en el QNX Neutr... • http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-32024
https://notcve.org/view.php?id=CVE-2021-32024
13 Dec 2021 — A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. Una vulnerabilidad de ejecución de código remota en el códec de imágenes BMP de BlackBerry QNX SDP versiones 6.4 a 7.1, podría permitir a un atacante ejecutar potencialmente código en el contexto del proceso afectado • http://support.blackberry.com/kb/articleDetail?articleNumber=000089042 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32023
https://notcve.org/view.php?id=CVE-2021-32023
10 Nov 2021 — An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system. Una vulnerabilidad de elevación de privilegios en el broker de mensajes de BlackBerry Protect para Windows versión(es) 1574 y anteriores, podría permitir a un atacante ejecutar potencialmente código en el contexto de un servicio de BlackBerry ... • https://support.blackberry.com/kb/articleDetail?articleNumber=000088685 •