Search criteria
8 vulnerabilities found for qnx_neutrino_rtos by blackberry
CVE-2014-2534 (GCVE-0-2014-2534)
Vulnerability from nvd – Published: 2014-03-18 01:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-28T20:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32156",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2534",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2533 (GCVE-0-2014-2533)
Vulnerability from nvd – Published: 2014-03-18 01:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32153/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2533",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2688 (GCVE-0-2013-2688)
Vulnerability from nvd – Published: 2013-07-12 16:00 – Updated: 2024-09-16 19:05
VLAI?
Summary
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2688",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T19:05:19.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2687 (GCVE-0-2013-2687)
Vulnerability from nvd – Published: 2013-07-12 16:00 – Updated: 2024-09-17 03:33
VLAI?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2687",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-17T03:33:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2534 (GCVE-0-2014-2534)
Vulnerability from cvelistv5 – Published: 2014-03-18 01:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-28T20:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32156",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2534",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2533 (GCVE-0-2014-2533)
Vulnerability from cvelistv5 – Published: 2014-03-18 01:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32153/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2533",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2688 (GCVE-0-2013-2688)
Vulnerability from cvelistv5 – Published: 2013-07-12 16:00 – Updated: 2024-09-16 19:05
VLAI?
Summary
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2688",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T19:05:19.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2687 (GCVE-0-2013-2687)
Vulnerability from cvelistv5 – Published: 2013-07-12 16:00 – Updated: 2024-09-17 03:33
VLAI?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2687",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-17T03:33:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}