CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 2CVE-2014-2388 – BlackBerry Z10 Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-2388
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode. El servicio de almacenamiento y acceso en BlackBerry OS 10.x anterior a 10.2.1.1925 en los dispositivos Q5, Q10, Z10, y Z30 no aplica el requisito de contraseñas para el acceso al sistema de ficheros SMB, lo que permite a atacantes dependientes de contexto leer ficheros arbitrarios a través de (1) una sesión por una red Wi-Fi o (2) una sesión por una conexión USB en modo de desarrollo. BlackBerry Z10 suffers from a storage and access file-exchange authentication bypass vulnerability. • http://packetstormsecurity.com/files/127850 http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html http://secunia.com/advisories/60156 http://www.blackberry.com/btsc/KB36174 http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt http://www.securityfocus.com/archive/1/533118/100/0/threaded http://www.securityfocus.com/bid/69217 https://exchange.xforce.ibmcloud.com/vulnerabilities/95262 https://exchange.xforce.ibmcloud.com/vulnerabi • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 1CVE-2014-2389 – BlackBerry Z 10 Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-2389
Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network. Desbordamiento de búfer basado en pila en una cierta función de descifrado en qconnDoor en dispositivos BlackBerry Z10 con software 10.1.0.2312, cuando el modo desarrollador ha sido habilitado previamente, permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado en una sesión TCP en una red wireless. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0036.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2013-3692
https://notcve.org/view.php?id=CVE-2013-3692
BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application. BlackBerry 10 OS anteriores a v10.0.10.648 en smartphones BlackBerry Z10 usa permisos débiles para los objetos BlackBerry Protect, lo que permite a atacantes locales cercanos evitar las restricciones de acceso, aprovechando la petición de reseteo de contraseña en BlackBerry Protect y la instalación de una aplicación amnipulada. • http://www.blackberry.com/btsc/KB34458 https://exchange.xforce.ibmcloud.com/vulnerabilities/85878 • CWE-264: Permissions, Privileges, and Access Controls •