QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-02-09
Updated
2017-07-20
Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-02-09
Updated
2017-07-20
Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables.
Max CVSS
6.2
EPSS Score
0.04%
Published
2006-02-09
Updated
2017-07-20
Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-12-31
Updated
2017-07-11
Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command.
Max CVSS
10.0
EPSS Score
1.08%
Published
2004-08-15
Updated
2017-07-11
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-08-26
Updated
2017-07-11
Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript, (6) retries, (7) timeout, (8) scriptdetach, (9) noscript, (10) nodetach, (11) remote_mac, or (12) local_mac flags.
Max CVSS
10.0
EPSS Score
4.16%
Published
2004-12-31
Updated
2017-07-11
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
Max CVSS
6.9
EPSS Score
0.04%
Published
2002-12-31
Updated
2008-09-05
ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes.
Max CVSS
7.2
EPSS Score
0.05%
Published
2002-12-31
Updated
2008-09-05
Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-12-31
Updated
2008-09-10
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
Max CVSS
7.2
EPSS Score
0.05%
Published
2002-12-31
Updated
2008-09-05
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-11-12
Updated
2016-10-18
Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command.
Max CVSS
7.5
EPSS Score
18.42%
Published
2001-05-03
Updated
2008-09-05
The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-04-14
Updated
2008-09-10
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!