Search criteria
12 vulnerabilities found for qnx_neutrino_rtos by blackberry
FKIE_CVE-2014-2534
Vulnerability from fkie_nvd - Published: 2014-03-18 05:18 - Updated: 2025-04-12 10:46
Severity ?
Summary
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_neutrino_rtos | 6.4.1 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "39364705-D046-4BA2-9BFF-ACF2F75EC209",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
},
{
"lang": "es",
"value": "/sbin/pppoectl en BlackBerry QNX Neutrino RTOS 6.4.x y 6.5.x permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de l\u00edneas \"bad parameter\" en mensajes de error, tal y como fue demostrado por la lectura del hash de contrase\u00f1a root en /etc/shadow.\n\n"
}
],
"id": "CVE-2014-2534",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-18T05:18:19.157",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32156/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2533
Vulnerability from fkie_nvd - Published: 2014-03-18 05:18 - Updated: 2025-04-12 10:46
Severity ?
Summary
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_neutrino_rtos | 6.4.1 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "39364705-D046-4BA2-9BFF-ACF2F75EC209",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
},
{
"lang": "es",
"value": "/sbin/ifwatchd en BlackBerry QNX Neutrino RTOS 6.4.x y 6.5.x permite a usuarios locales ganar privilegios proporcionando un nombre de programa arbitrario como un argumento de l\u00ednea de comandos."
}
],
"id": "CVE-2014-2533",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-18T05:18:19.143",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32153/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32153/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45575/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2688
Vulnerability from fkie_nvd - Published: 2013-07-12 16:56 - Updated: 2025-04-11 00:51
Severity ?
Summary
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | - | |
| blackberry | qnx_neutrino_rtos | * | |
| blackberry | qnx_neutrino_rtos | 6.4.1 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F053696-43DE-40F3-933F-8C01721D3D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3CF6AE0F-3167-47A8-9727-89DC0133C0B4",
"versionEndIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en BlackBerry QNX Neutrino RTOS hasta v6.5.0 SP1 en QNX Software Development Platform, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo mediante una serie de paquetes manipulados sobre el puerto TCP 4868, que provoca una gesti\u00f3n inadecuada del fichero /dev/photon"
}
],
"id": "CVE-2013-2688",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-12T16:56:12.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2687
Vulnerability from fkie_nvd - Published: 2013-07-12 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_momentics_tool_suite | * | |
| blackberry | qnx_momentics_tool_suite | 4.5 | |
| blackberry | qnx_momentics_tool_suite | 4.6 | |
| blackberry | qnx_momentics_tool_suite | 4.7 | |
| blackberry | qnx_momentics_tool_suite | 6.5.0 | |
| blackberry | qnx_software_development_platform | - | |
| blackberry | qnx_neutrino_rtos | * | |
| blackberry | qnx_neutrino_rtos | 6.4.1 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1F184BC9-8E64-4976-8E3A-F6FF4C1593DB",
"versionEndIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A796624B-7F7A-4A92-B83E-D592096B9753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "97DA1B48-77C6-4C30-816E-B0BC2FEF3401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "856700E9-717A-4CE1-A451-23090ACC0A56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7819F1A5-3519-4EEF-895D-B76A452BD4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F053696-43DE-40F3-933F-8C01721D3D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3CF6AE0F-3167-47A8-9727-89DC0133C0B4",
"versionEndIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n bpe_decompress en (1) BlackBerry QNX Neutrino RTOS hasta v6.5.0 SP1 y (2) QNX Momentics Tool Suite hasta v6.5.0 SP1 en QNX Software Development Platform, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicacion) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de paquetes sobre el puerto TCP 4868 manipulados."
}
],
"id": "CVE-2013-2687",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-12T16:55:01.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-2534 (GCVE-0-2014-2534)
Vulnerability from cvelistv5 – Published: 2014-03-18 01:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-28T20:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32156",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2534",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2533 (GCVE-0-2014-2533)
Vulnerability from cvelistv5 – Published: 2014-03-18 01:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32153/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2533",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2688 (GCVE-0-2013-2688)
Vulnerability from cvelistv5 – Published: 2013-07-12 16:00 – Updated: 2024-09-16 19:05
VLAI?
Summary
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2688",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T19:05:19.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2687 (GCVE-0-2013-2687)
Vulnerability from cvelistv5 – Published: 2013-07-12 16:00 – Updated: 2024-09-17 03:33
VLAI?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2687",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-17T03:33:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2534 (GCVE-0-2014-2534)
Vulnerability from nvd – Published: 2014-03-18 01:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-28T20:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32156",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading \"bad parameter\" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32156",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32156/"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2534",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2533 (GCVE-0-2014-2533)
Vulnerability from nvd – Published: 2014-03-18 01:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32153/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/124"
},
{
"name": "45575",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45575/"
},
{
"name": "20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/66"
},
{
"name": "20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/98"
},
{
"name": "20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/88"
},
{
"name": "32153",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32153/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2533",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2688 (GCVE-0-2013-2688)
Vulnerability from nvd – Published: 2013-07-12 16:00 – Updated: 2024-09-16 19:05
VLAI?
Summary
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2688",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T19:05:19.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2687 (GCVE-0-2013-2687)
Vulnerability from nvd – Published: 2013-07-12 16:00 – Updated: 2024-09-17 03:33
VLAI?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2687",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-17T03:33:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}