Lucene search
K

18 matches found

CVE
CVE
added 2005/11/30 11:0 a.m.58 views

CVE-2005-3928

The CVE-2005-3928 issue affects QNX 6.2.1 and 6.3.0, where a buffer overflow in the phgrafx component is triggered by a long command line argument, allowing a local user to execute arbitrary code. The NVD entry lists a base score of 4.6 (MEDIUM) with local attack vector and no authentication. No ...

4.6CVSS7.9AI score0.01195EPSS
CVE
CVE
added 2006/02/09 2:0 a.m.58 views

CVE-2006-0623

CVE-2006-0623 is associated with QNX Neutrino RTOS 6.3.0. The vulnerability arises because /etc/rc.d/rc.local is shipped with world-writable permissions, allowing local users to modify the file and thereby execute arbitrary code at system startup. The connected records confirm the affected softwa...

7.2CVSS7.2AI score0.00913EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.53 views

CVE-2002-2039

In QNX RTOS versions 4.25 and 6.1.0, /bin/su allows local users to read sensitive information from core dump files by sending SIGSERV (invalid memory reference); impact is partial confidentiality. The description notes the local privilege/impact but does not provide exploitable details, affected ...

2.1CVSS6.2AI score0.00844EPSS
CVE
CVE
added 2005/08/05 4:0 a.m.52 views

CVE-2002-2120

CVE-2002-2120 affects QNX RTOS 4.25. The vulnerability consists of multiple buffer overflows in the OS kernel/user interfaces that can be triggered by long filename arguments to (1) Watcom or (2) int10, potentially allowing arbitrary code execution. Public references likewise describe buffer over...

4.6CVSS8.1AI score0.00634EPSS
CVE
CVE
added 2006/02/09 1:0 a.m.51 views

CVE-2005-1528

CVE-2005-1528 affects QNX Neutrino RTOS 6.2.1, where the crttrap command is vulnerable to untrusted search path issues. A local user can set LD_LIBRARY_PATH to point to a malicious library, which crttrap may load, leading to arbitrary code execution with root privileges because crttrap is install...

7.2CVSS6.5AI score0.0084EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.50 views

CVE-2002-2040

CVE-2002-2040 affects QNX RTOS versions 4.25 and 6.1.0, where the phrafx and phgrafx-startup programs fail to drop privileges before running the system command. This allows local users to execute arbitrary commands by manipulating the PATH to reference a malicious crttrap program. Impact is descr...

7.2CVSS7.6AI score0.01083EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.50 views

CVE-2004-1391

The CVE-2004-1391 entry concerns the PPPoE daemon (PPPoEd) in QNX RTP 6.1, where an untrusted execution path allows local users to execute arbitrary programs by manipulating the PATH environment variable to reference a malicious mount program. This describes a local-privilege problem rooted in PA...

4.6CVSS7.4AI score0.00561EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.49 views

CVE-2002-1983

CVE-2002-1983 affects QNX RTOS 6.1.0. The timer implementation is vulnerable: by creating multiple timers with a 1‑ms tick, local users can cause a denial of service (hang) and potentially execute arbitrary code. Impact described as local, with partial availability impact. No explicit remediation...

2.1CVSS7.7AI score0.00988EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.48 views

CVE-2002-2041

CVE-2002-2041 affects RTOS 6.1.0 due to multiple buffer overflows that let a local attacker execute arbitrary code. Exploitation vectors are (1) a long ABLANG environment variable in phlocale and (2) a long -u option to pkg-installer. CVSSv2 base score is 7.2 (HIGH); impact is complete confidenti...

7.2CVSS7.8AI score0.01237EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.48 views

CVE-2004-1390

CVE-2004-1390 affects the PPPoE daemon (PPPoEd) in QNX RTP 6.1 . The issue is described as multiple buffer overflows in PPPoEd that allow a remote attacker to execute arbitrary code by supplying a long argument to any of the flags: -F, name, en, upscript, downscript, retries, timeout, scriptdetac...

10CVSS8.2AI score0.0734EPSS
CVE
CVE
added 2006/02/09 2:0 a.m.47 views

CVE-2006-0620

CVE-2006-0620 describes a race condition in the phfont component of QNX Neutrino RTOS 6.2.1. The flaw allows local users to execute arbitrary code through unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables. Connected documents do not provide additional technical specif...

6.2CVSS7.4AI score0.00804EPSS
CVE
CVE
added 2006/02/09 2:0 a.m.47 views

CVE-2006-0622

CVE-2006-0622 affects QNX Neutrino RTOS 6.3.0 . The vulnerability allows local users to cause a denial of service (hang) by supplying a command to gdb: specifically triggering with the string "break *0xb032d59f". The associated sources in the connected documents corroborate the page-level descrip...

4.9CVSS6.4AI score0.00465EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.46 views

CVE-2002-2042

CVE-2002-2042 affects the QNX RTOS, specifically versions 4.25 and 6.1.0, where the ptrace facility lets a program attach to privileged processes. This could enable a local user to modify running processes and potentially execute arbitrary code, constituting a local privilege escalation. The prov...

7.2CVSS7.6AI score0.01034EPSS
CVE
CVE
added 2007/11/01 5:0 p.m.46 views

CVE-2002-2407

CVE-2002-2407 concerns QNX Neutrino RTOS 6.2.0 patches that incorrectly set insecure permissions on a set of binaries (e.g., /sbin/io-audio, /bin/shutdown, /sbin/fs-pkg, phshutdown, plus game binaries in pack 2.0.3). The issue enables local users to gain privileges by modifying these files before...

6.9CVSS7AI score0.00289EPSS
CVE
CVE
added 2006/02/09 2:0 a.m.46 views

CVE-2006-0619

CVE-2006-0619 describes multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0. Local users can execute arbitrary code by supplying overly long values in environment variables (ABLPATH, ABLANG in libAP.so.2 or PHOTON_PATH used by setitem in libph). The entry lists these vectors and affe...

4.6CVSS7.5AI score0.00497EPSS
CVE
CVE
added 2006/02/09 2:0 a.m.46 views

CVE-2006-0621

CVE-2006-0621 describes multiple buffer overflows in QNX Neutrino RTOS 6.2.0 that allow a local user to execute arbitrary code by supplying a long first argument to the (1) su or (2) passwd commands. The issue stems from unsafe handling in those utilities, enabling local code execution with full ...

7.2CVSS7.4AI score0.005EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.45 views

CVE-2002-1239

The CVE-2002-1239 issue affects QNX Neutrino RTOS 6.2.0 where a setuid root packager uses external commands without full paths, causing local privilege escalation by manipulating PATH to point to a malicious cp. The underlying problem is unvalidated PATH-based execution of external binaries, enab...

7.2CVSS6.7AI score0.00903EPSS
CVE
CVE
added 2005/08/29 4:0 a.m.45 views

CVE-2005-2725

The CVE-2005-2725 entry concerns QNX RTOS: vulnerable component is the inputtrap utility, affected in versions including 6.1.0 and 6.3 (possibly earlier). The root cause is improper permission checks when the -t flag is used, enabling local users to read arbitrary files. Impact is limited to loca...

2.1CVSS6.8AI score0.00833EPSS