CVSS: 9.3EPSS: 4%CPEs: 7EXPL: 0CVE-2009-2643
https://notcve.org/view.php?id=CVE-2009-2643
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219. Múltiples vulnerabilidades sin especificar en el componente PDF distiller en el Attachment Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) v4.1.3 a la v5.0 y BlackBerry Professional Software v4.1.4, permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio (corrupción de memoria) o posiblemente la ejecución de código de su elección a través de un adjunto con un archivo .pdf. Vulnerabilidad distinta de CVE-2008-3246 y CVE-2009-0219. • http://secunia.com/advisories/35254 http://www.blackberry.com/btsc/KB18327 http://www.osvdb.org/54767 http://www.securityfocus.com/bid/35102 http://www.securitytracker.com/id?1022295 http://www.vupen.com/english/advisories/2009/1429 https://exchange.xforce.ibmcloud.com/vulnerabilities/50755 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2575
https://notcve.org/view.php?id=CVE-2009-2575
The Research In Motion (RIM) BlackBerry 8800 allows remote attackers to cause a denial of service (memory consumption and browser crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Research In Motion (RIM) BlackBerry v8800 permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída del buscador) a través un valor entero grande en la propiedad "length" de un objeto "Select", siendo un asunto relacionado con CVE-2009-1692. • http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069772.html • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 2CVE-2009-0307 – BlackBerry Enterprise Server 4.0/4.1 - MDS Connection Service Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0307
Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters. Una Vulnerabilidad de tipo Cross-Site Scripting (XSS) en la "Customize Statistics Page" (admin/statistics/ConfigureStatistics) en el servicio de conexión MDS en Research in Motion (RIM) BlackBerry Enterprise Server (BES) anterior a versión 4.1.6 MR5 permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, y (11) referenceTime. • https://www.exploit-db.com/exploits/32927 http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html http://osvdb.org/53772 http://secunia.com/advisories/34740 http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969 http://www.securityfocus.com/bid/34573 http://www.securitytracker.com/id?1022081 http://www.vupen.com/english/advisories/2009/1090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 28%CPEs: 14EXPL: 0CVE-2008-3246
https://notcve.org/view.php?id=CVE-2008-3246
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment. Vulnerabilidad sin especificar en el componente PDF distiller en el BlackBerry Attachment Service en BlackBerry Unite! 1.0 SP1 (1.0.1) anterior a bundle 36 y BlackBerry Enterprise Server 4.1 SP3 (4.1.3) a la v4.1 SP5 (4.1.5), permite atacantes remotos asistidos por el usuario ejecutar códigod e su elección a través de un fichero PDF adjunto manipulado. • http://secunia.com/advisories/31092 http://secunia.com/advisories/31141 http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html http://www.kb.cert.org/vuls/id/289235 http://www.securitytracker.com/id?1020505 http://www.vupen.com/english/advisories/2008/2108/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43840 https://exchange.xforce.ibmcloud.com/vulnerabilities/43843 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3483
https://notcve.org/view.php?id=CVE-2007-3483
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware. Research en Motion BlackBerry Enterprise Server 4.0 hasta 4.1 tiene una configuración por defecto que permite la instalación de aplicaciones arbitrarias de terceros en dispositivos BlackBerry, lo cual podría facilitar la carga de malware. • http://www.blackberry.com/btsc/articles/968/KB05499_f.SAL_Public.html http://www.praetoriang.net/presentations/blackjack.html https://exchange.xforce.ibmcloud.com/vulnerabilities/35442 •