CVE-2021-32025

CVE-2021-32025 is an elevation of privilege vulnerability in the QNX Neutrino Kernel affecting multiple QNX platforms (Software Development Platform 6.4.0–7.0, Momentics 6.3.x, OS for Safety 1.0.0–1.0.2 and 2.0.0–2.0.1, OS for Medical 1.0.0–1.1.1, and OS for Medical 2.0.0). An unprivileged attack...

CVE-2021-22156

An integer overflow vulnerability in the calloc function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform SDP versions 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to...

Important: Red Hat Security Advisory: nodejs:10 security update

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RLSA-2021:0744 Important: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.16.0. Security Fixes: nodejs: HTTP2 'unknownProtocol' cause DoS by resource...

ALSA-2020:1317 Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 For more details about the security issues, including the impact, a CVSS score,...

Important: nodejs:12 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 For more details about the security issues, including the impact, a CVSS score,...

CVE-2019-8998

CVE-2019-8998 affects BlackBerry QNX Software Development Platform up to version 6.5.0 SP1. The procfs (/proc) service exposes process information, enabling a less-privileged local attacker to access a target process address space (information disclosure leading to local privilege escalation). Se...

BlackBerry QNX Software Development Platform Information Disclosure Vulnerability

The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An information disclosure vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...

BlackBerry QNX Software Development Platform Elevation of Privilege Vulnerability

The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An elevation of privilege vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...

CVE-2017-9371

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...

CVE-2017-9369

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

Buffer overflow

In BlackBerry QNX Software Development Platform SDP 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks...

Default configuration

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...

CVE-2017-3892

In BlackBerry QNX Software Development Platform SDP 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs...

Information disclosure

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

CVE-2017-3893 Incomplete vulnerability mitigations

In BlackBerry QNX Software Development Platform SDP 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks...

CVE-2017-9371

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...

CVE-2013-2687

Stack-based buffer overflow in the bpedecompress function in 1 BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and 2 QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service application crash or possibly execute...