Vulnerabilities > QNX > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-09 | CVE-2006-0623 | Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.3.0 QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup. | 7.2 |
2006-02-09 | CVE-2006-0621 | Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.2.0 Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands. | 7.2 |
2005-12-31 | CVE-2005-1528 | Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.2.1 Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library. | 7.2 |
2004-08-26 | CVE-2004-1681 | Utility Server Flag Buffer Overflow vulnerability in QNX Photon Microgui and RTP Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter. | 7.2 |
2002-12-31 | CVE-2002-2042 | Unspecified vulnerability in QNX Rtos 4.25/6.1.0 ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes. | 7.2 |
2002-12-31 | CVE-2002-2041 | Buffer Overflow vulnerability in QNX Rtos 6.1.0 Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer. | 7.2 |
2002-12-31 | CVE-2002-2040 | Unspecified vulnerability in QNX Rtos 4.25/6.1.0 The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program. | 7.2 |
2002-11-12 | CVE-2002-1239 | Unspecified vulnerability in QNX Rtos 6.2.0 QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program. | 7.2 |
2001-05-03 | CVE-2001-0325 | Buffer Overflow vulnerability in QNX RTP 5.60 Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command. | 7.5 |
2000-04-14 | CVE-2000-0250 | Unspecified vulnerability in QNX 4.25A The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords. | 7.2 |