RSS   Vulnerabilities for 'Blackberry os'   RSS

2014-10-25
 
CVE-2014-6611

CWE-20
 

 
The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.

 
2014-08-18
 
CVE-2014-2388

CWE-264
 

 
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.

 
2014-04-12
 
CVE-2014-2389

 

 
Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network.

 
2013-07-13
 
CVE-2013-3692

CWE-264
 

 
BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application.

 

 >>> Vendor: Blackberry 28 Products
Enterprise server
Unite
Blackberry tablet os
Qnx momentics tool suite
Qnx software development platform
Qnx neutrino rtos
Z10
Blackberry os
Blackberry enterprise service
Blackberry link
Blackberry universal device service
Enterprise server express
Blackberry z10
Q10
Q5
Z30
Blackberry world
Good enterprise mobility server
Enterprise service
VAPP
Appliance-x
Good control server
Unified endpoint manager
Workspaces
Workspaces appliance-x
Workspaces vapp
Enterprise mobility server
Unified endpoint management


Copyright 2020, cxsecurity.com

 

Back to Top