CVE-2011-1416
https://notcve.org/view.php?id=CVE-2011-1416
The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
• http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
• http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2599
https://notcve.org/view.php?id=CVE-2010-2599
Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.
• http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html
• http://osvdb.org/70404
• http://www.blackberry.com/btsc/KB24841
• http://www.securityfocus.com/archive/1/515860/100/0/threaded
• http://www.securityfocus.com/bid/45754
• http://www.securitytracker.com/id?1024952
• http://www.vupen.com/english/advisories/2011/0082
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64622
CVE-2010-2604
https://notcve.org/view.php?id=CVE-2010-2604
Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.
• http://osvdb.org/70393
• http://secunia.com/advisories/42882
• http://www.blackberry.com/btsc/KB25382
• http://www.securityfocus.com/bid/45753
• http://www.securitytracker.com/id?1024953
• http://www.vupen.com/english/advisories/2011/0081
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64621
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2603
https://notcve.org/view.php?id=CVE-2010-2603
RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack.
• http://secunia.com/advisories/42657
• http://secunia.com/advisories/42661
• http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24764
• http://www.securityfocus.com/bid/45434
• http://www.securitytracker.com/id?1024908
• CWE-310: Cryptographic Issues
CVE-2010-2602
https://notcve.org/view.php?id=CVE-2010-2602
Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document.
• http://secunia.com/advisories/35632
• http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24761
• http://www.securityfocus.com/bid/45392
• http://www.securitytracker.com/id?1024891
• http://www.vupen.com/english/advisories/2010/3237
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64066
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer