VYPR

Neutrino Rtos

by QNX

CVEs (12)

  • CVE-2006-0623Feb 9, 2006
    risk 0.03cvss epss 0.01

    QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.

  • CVE-2006-0620Feb 9, 2006
    risk 0.03cvss epss 0.01

    Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables.

  • CVE-2005-1528Dec 31, 2005
    risk 0.03cvss epss 0.01

    Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library.

  • CVE-2002-1239Nov 12, 2002
    risk 0.03cvss epss 0.01

    QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.

  • CVE-2013-2688Jul 12, 2013
    risk 0.01cvss epss 0.07

    Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage…

  • CVE-2011-4060Oct 18, 2011
    risk 0.00cvss epss 0.00

    The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.

  • CVE-2006-0618Feb 9, 2006
    risk 0.00cvss epss 0.00

    Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name).

  • CVE-2006-0619Feb 9, 2006
    risk 0.00cvss epss 0.01

    Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow local users to execute arbitrary code via long (1) ABLPATH or (2) ABLANG environment variables in the libAP library (libAp.so.2) or (3) a long PHOTON_PATH environment variable to the setitem function in the…

  • CVE-2006-0622Feb 9, 2006
    risk 0.00cvss epss 0.00

    QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of service (hang) by supplying a "break *0xb032d59f" command to gdb.

  • CVE-2006-0621Feb 9, 2006
    risk 0.00cvss epss 0.01

    Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands.

  • CVE-2002-2409Dec 31, 2002
    risk 0.00cvss epss 0.01

    Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.

  • CVE-2002-2407Dec 31, 2002
    risk 0.00cvss epss 0.00

    Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and…