Vulnerabilities > RIM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-21 | CVE-2011-0290 | Permissions, Privileges, and Access Controls vulnerability in RIM Blackberry Enterprise Server 5.0.3 The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors. | 6.5 |
| 2011-07-14 | CVE-2011-0287 | Information Disclosure vulnerability in RIM products Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors. | 6.4 |
| 2011-04-18 | CVE-2011-0286 | Cross-Site Scripting vulnerability in RIM products Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action. | 4.3 |
| 2011-03-11 | CVE-2011-1416 | Information Exposure vulnerability in RIM products The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011. | 5.0 |
| 2011-01-13 | CVE-2010-2599 | Remote Denial Of Service vulnerability in Research In Motion BlackBerry Device Software Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. network rim | 4.3 |
| 2010-12-17 | CVE-2010-2602 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in RIM Blackberry Enterprise Server Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document. | 6.8 |
| 2010-10-14 | CVE-2010-3934 | Permissions, Privileges, and Access Controls vulnerability in RIM Blackberry Device Software 5.0.0.593 The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. | 6.8 |
| 2010-10-05 | CVE-2010-3741 | Cryptographic Issues vulnerability in RIM Blackberry Desktop Software The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. | 4.7 |
| 2009-11-16 | CVE-2009-3944 | Denial-Of-Service vulnerability in RIM Blackberry 8800 and Blackberry Browser Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. | 5.0 |
| 2009-09-29 | CVE-2009-3477 | Cryptographic Issues vulnerability in RIM Blackberry Device Software The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.8 |