Vulnerabilities > QNX > Rtos > High

DATE CVE VULNERABILITY TITLE RISK
2006-02-09 CVE-2006-0623 Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.3.0
QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.
local
low complexity
qnx
7.2
2006-02-09 CVE-2006-0621 Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.2.0
Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands.
local
low complexity
qnx
7.2
2005-12-31 CVE-2005-1528 Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.2.1
Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library.
local
low complexity
qnx
7.2
2002-12-31 CVE-2002-2042 Unspecified vulnerability in QNX Rtos 4.25/6.1.0
ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes.
local
low complexity
qnx
7.2
2002-12-31 CVE-2002-2041 Buffer Overflow vulnerability in QNX Rtos 6.1.0
Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
local
low complexity
qnx
7.2
2002-12-31 CVE-2002-2040 Unspecified vulnerability in QNX Rtos 4.25/6.1.0
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
local
low complexity
qnx
7.2
2002-11-12 CVE-2002-1239 Unspecified vulnerability in QNX Rtos 6.2.0
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.
local
low complexity
qnx
7.2