CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6798
https://notcve.org/view.php?id=CVE-2013-6798
16 Nov 2013 — BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694. BlackBerry Link anterior a la versión 1.2.1.31 en Windows y anteriores a 1.1.1 build 39 en Mac OS X no det... • http://www.blackberry.com/btsc/KB35315 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 1CVE-2013-3694
https://notcve.org/view.php?id=CVE-2013-3694
16 Nov 2013 — BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding. BlackBerry Link anterior a la versión 1.2.1.31 en Windows y anterior a 1.1.1 build 39 en Mac OS X no requiere autenticación para carpetas file-access remotas, lo que permite a atacantes remotos leer o crear archivos arb... • http://blog.cmpxchg8b.com/2013/11/qnx.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-3693
https://notcve.org/view.php?id=CVE-2013-3693
11 Oct 2013 — The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098. El BlackBerry Universal Device Service en BlackBerry Enterprise Service (BES) 10.0 hasta 10.1.2 no restringe adecuadamente el interface JBoss Remote method Invocation (RMI), lo que permite a atacantes remotos subir y ejecutar... • http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2013-3692
https://notcve.org/view.php?id=CVE-2013-3692
13 Jul 2013 — BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application. BlackBerry 10 OS anteriores a v10.0.10.648 en smartphones BlackBerry Z10 usa permisos débiles para los objetos BlackBerry Protect, lo que permite a atacantes locales cercanos evitar las restr... • http://www.blackberry.com/btsc/KB34458 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0291
https://notcve.org/view.php?id=CVE-2011-0291
08 Dec 2011 — The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain privileges via a crafted configuration file in a backup archive. El servicio BlackBerry PlayBook en la tableta Research In Motion (RIM) BlackBerry PlayBook con software anterior a v1.0.8.6067, permite a a usuarios locales ganar privilegios a través de un archivo de configuración modificado en un archivo de copia de seguridad. • http://blackberry.com/btsc/KB29191 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 26%CPEs: 14EXPL: 0CVE-2008-3246
https://notcve.org/view.php?id=CVE-2008-3246
21 Jul 2008 — Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment. Vulnerabilidad sin especificar en el componente PDF distiller en el BlackBerry Attachment Service en BlackBerry Unite! 1.0 SP1 (1.0.1) anterior a bundle 36 y BlackBerry Enterprise Server 4.1 S... • http://secunia.com/advisories/31092 • CWE-94: Improper Control of Generation of Code ('Code Injection') •