Vulnerabilities > RIM

DATE CVE VULNERABILITY TITLE RISK
2011-10-21 CVE-2011-0290 Permissions, Privileges, and Access Controls vulnerability in RIM BlackBerry Enterprise Server 5.0.3
The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.
network
low complexity
rim lotus microsoft CWE-264
6.5
2011-07-14 CVE-2011-0287 Information Disclosure vulnerability in RIM products
Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors.
network
low complexity
rim
6.4
2011-04-18 CVE-2011-0286 Cross-Site Scripting vulnerability in RIM products
Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.
network
rim CWE-79
4.3
2011-03-11 CVE-2011-1290 Numeric Errors vulnerability in multiple products
Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
network
low complexity
apple rim CWE-189
critical
10.0
2011-03-11 CVE-2011-1416 Information Exposure vulnerability in RIM products
The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
network
low complexity
rim CWE-200
5.0
2011-01-13 CVE-2010-2604 Buffer Errors vulnerability in RIM products
Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.
network
rim CWE-119
critical
9.3
2011-01-13 CVE-2010-2599 Remote Denial Of Service vulnerability in Research In Motion BlackBerry Device Software
Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.
network
rim
4.3
2010-12-17 CVE-2010-2603 Cryptographic Issues vulnerability in RIM BlackBerry Desktop Software
RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack.
local
low complexity
rim microsoft apple CWE-310
2.1
2010-12-17 CVE-2010-2602 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in RIM BlackBerry Enterprise Server
Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document.
network
rim CWE-119
6.8
2010-10-14 CVE-2010-3934 Permissions, Privileges, and Access Controls vulnerability in RIM BlackBerry Device Software 5.0.0.593
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element.
network
rim CWE-264
6.8