CVSS: 7.6EPSS: 0%CPEs: 17EXPL: 0CVE-2010-2601
https://notcve.org/view.php?id=CVE-2010-2601
Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. Múltiples desbordamientos de búfer en PDF distiller en el componente Attachment Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) software v4.1.7 and earlier y v5.0.0 hasta v5.0.2, y BlackBerry Professional Software v4.1.4 and earlier, permite a atacantse asistidos por usuarios remotos causar una denegacion de servicio y probablemente ejecutar código de su elección a través de un documento PDF manipulado. • http://blackberry.com/btsc/KB24547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 7EXPL: 0CVE-2009-4778
https://notcve.org/view.php?id=CVE-2009-4778
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646. Múltiples vulnerabilidades no especificadas en PDF distiller en el componente Attachment Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) software v4.1.3 hasta v4.1.7 y v5.0.0, y BlackBerry Professional Software v4.1.4, permite a atacantes remotos asistidos por usuarios causar una denegación de servicio (caída de memoria) o probablemente ejecutar código de su elección a través de un fichero adjunto .pdf manipulado, una vulnerabilidad diferente que CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646. • http://secunia.com/advisories/37562 http://www.blackberry.com/btsc/KB19860 http://www.securityfocus.com/bid/37167 http://www.securitytracker.com/id?1023258 http://www.vupen.com/english/advisories/2009/3372 •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0CVE-2009-2646
https://notcve.org/view.php?id=CVE-2009-2646
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219. Vulnerabilidad múltiple no especificado en PDF distiller en el componente Attachment Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) software v4.1.3 hasta v4.1.6 y BlackBerry Professional Software v4.1.4 permite a los atacantes remotos asistidos por usuarios causar una denegación de memoria(corrupción de memoria) o posiblemente ejecutar arbitrariamente código a través de un fichero adjunto .pdf manipulado, una vulnerabilidad diferente a CVE-2008-3246 y CVE-2009-0219. • http://www.blackberry.com/btsc/KB17953 •
CVSS: 9.3EPSS: 4%CPEs: 7EXPL: 0CVE-2009-2643
https://notcve.org/view.php?id=CVE-2009-2643
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219. Múltiples vulnerabilidades sin especificar en el componente PDF distiller en el Attachment Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) v4.1.3 a la v5.0 y BlackBerry Professional Software v4.1.4, permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio (corrupción de memoria) o posiblemente la ejecución de código de su elección a través de un adjunto con un archivo .pdf. Vulnerabilidad distinta de CVE-2008-3246 y CVE-2009-0219. • http://secunia.com/advisories/35254 http://www.blackberry.com/btsc/KB18327 http://www.osvdb.org/54767 http://www.securityfocus.com/bid/35102 http://www.securitytracker.com/id?1022295 http://www.vupen.com/english/advisories/2009/1429 https://exchange.xforce.ibmcloud.com/vulnerabilities/50755 •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 2CVE-2009-0307 – BlackBerry Enterprise Server 4.0/4.1 - MDS Connection Service Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0307
Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters. Una Vulnerabilidad de tipo Cross-Site Scripting (XSS) en la "Customize Statistics Page" (admin/statistics/ConfigureStatistics) en el servicio de conexión MDS en Research in Motion (RIM) BlackBerry Enterprise Server (BES) anterior a versión 4.1.6 MR5 permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, y (11) referenceTime. • https://www.exploit-db.com/exploits/32927 http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html http://osvdb.org/53772 http://secunia.com/advisories/34740 http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969 http://www.securityfocus.com/bid/34573 http://www.securitytracker.com/id?1022081 http://www.vupen.com/english/advisories/2009/1090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •