
CVSS: 5.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694.
• http://www.blackberry.com/btsc/KB35315
• https://exchange.xforce.ibmcloud.com/vulnerabilities/89202
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.8 | EPSS: 0% | CPEs: 9 | EXPL: 1

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.
• http://blog.cmpxchg8b.com/2013/11/qnx.html
• http://www.blackberry.com/btsc/KB35315
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.9 | EPSS: 0% | CPEs: 3 | EXPL: 0

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.
• http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
• http://secunia.com/advisories/55187
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.2 | EPSS: 0% | CPEs: 5 | EXPL: 0

BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application.
• http://www.blackberry.com/btsc/KB34458
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85878
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain privileges via a crafted configuration file in a backup archive.
• http://blackberry.com/btsc/KB29191
• http://secunia.com/advisories/47132
• http://securitytracker.com/id?1026386
• http://www.securityfocus.com/bid/50931
• https://exchange.xforce.ibmcloud.com/vulnerabilities/71659
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor