An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:LBlackberry Qnx Software Development Platform
APPBlackberry6.4.0 – 6.6.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
Powiązane podatności
CVE-2025-2474CRITICAL9.8PL ✓ten sam produkt
Out-of-bounds write w kodeku PCX w BlackBerry QNX SDP — RCE i DoS
CVE-2024-48856CRITICAL9.8PL ✓ten sam produkt
Out-of-bounds write w kodeku PCX w BlackBerry QNX SDP — RCE i DoS
CVE-2024-35213CRITICAL9.0PL ✓ten sam produkt
Podatność improper input validation w SGI Image Codec QNX SDP
CVE-2021-32024CRITICAL9.8ten sam produkt
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could...
CVE-2021-22156CRITICAL9.0ten sam produkt
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of Bl...