Vulnerabilities > RIM

DATE CVE VULNERABILITY TITLE RISK
2012-02-23 CVE-2012-0870 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.
7.9
2011-10-21 CVE-2011-0290 Permissions, Privileges, and Access Controls vulnerability in RIM Blackberry Enterprise Server 5.0.3
The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.
network
low complexity
rim lotus microsoft CWE-264
6.5
2011-07-14 CVE-2011-0287 Information Disclosure vulnerability in RIM products
Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors.
network
low complexity
rim
6.4
2011-04-18 CVE-2011-0286 Cross-Site Scripting vulnerability in RIM products
Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.
network
rim CWE-79
4.3
2011-03-11 CVE-2011-1290 Numeric Errors vulnerability in multiple products
Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
network
low complexity
apple rim CWE-189
critical
10.0
2011-03-11 CVE-2011-1416 Information Exposure vulnerability in RIM products
The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
network
low complexity
rim CWE-200
5.0
2011-01-13 CVE-2010-2604 Buffer Errors vulnerability in RIM products
Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.
network
rim CWE-119
critical
9.3
2011-01-13 CVE-2010-2599 Remote Denial Of Service vulnerability in Research In Motion BlackBerry Device Software
Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.
network
rim
4.3
2010-12-17 CVE-2010-2603 Cryptographic Issues vulnerability in RIM Blackberry Desktop Software
RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack.
local
low complexity
rim microsoft apple CWE-310
2.1
2010-12-17 CVE-2010-2602 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in RIM Blackberry Enterprise Server
Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document.
network
rim CWE-119
6.8