CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48858 – Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
https://notcve.org/view.php?id=CVE-2024-48858
14 Jan 2025 — Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec. • https://support.blackberry.com/pkb/s/article/140334 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48857 – Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
https://notcve.org/view.php?id=CVE-2024-48857
14 Jan 2025 — NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec. • https://support.blackberry.com/pkb/s/article/140334 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48856 – Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
https://notcve.org/view.php?id=CVE-2024-48856
14 Jan 2025 — Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec. • https://support.blackberry.com/pkb/s/article/140334 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48855 – Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
https://notcve.org/view.php?id=CVE-2024-48855
14 Jan 2025 — Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. • https://support.blackberry.com/pkb/s/article/140334 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48854 – Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
https://notcve.org/view.php?id=CVE-2024-48854
14 Jan 2025 — Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. • https://support.blackberry.com/pkb/s/article/140334 • CWE-193: Off-by-one Error •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51723 – Vulnerability in Management Console Impacts BlackBerry AtHoc
https://notcve.org/view.php?id=CVE-2024-51723
25 Nov 2024 — A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session. • https://support.blackberry.com/pkb/s/article/140250 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51722 – Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
https://notcve.org/view.php?id=CVE-2024-51722
12 Nov 2024 — A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands. • https://support.blackberry.com/pkb/s/article/140220 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51721 – Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
https://notcve.org/view.php?id=CVE-2024-51721
12 Nov 2024 — A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege. • https://support.blackberry.com/pkb/s/article/140220 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51720 – Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
https://notcve.org/view.php?id=CVE-2024-51720
12 Nov 2024 — An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number. • https://support.blackberry.com/pkb/s/article/140220 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35215
https://notcve.org/view.php?id=CVE-2024-35215
08 Oct 2024 — NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process. • https://support.blackberry.com/pkb/s/article/140162 • CWE-476: NULL Pointer Dereference •