Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

QNX Software Development Platform (QNX SDP)

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2019-8998
Assigner-BlackBerry
ShareView Details
Assigner-BlackBerry
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.90%
||
7 Day CHG-0.01%
Published-12 Jul, 2019 | 15:30
Updated-22 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.

Action-Not Available
Vendor-BlackBerry Limited
Product-qnx_software_development_platformQNX Software Development Platform (QNX SDP)
CWE ID-CWE-413
Improper Resource Locking
CVE-2017-3891
Assigner-BlackBerry
ShareView Details
Assigner-BlackBerry
CVSS Score-9.6||CRITICAL
EPSS-0.30% / 52.71%
||
7 Day CHG~0.00%
Published-14 Nov, 2017 | 21:00
Updated-22 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.

Action-Not Available
Vendor-BlackBerry Limited
Product-qnx_software_development_platformQNX Software Development Platform (QNX SDP)
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CVE-2017-3893
Assigner-BlackBerry
ShareView Details
Assigner-BlackBerry
CVSS Score-1.9||LOW
EPSS-0.21% / 42.81%
||
7 Day CHG~0.00%
Published-14 Nov, 2017 | 21:00
Updated-22 Jul, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete vulnerability mitigations

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.

Action-Not Available
Vendor-BlackBerry Limited
Product-qnx_software_development_platformQNX Software Development Platform (QNX SDP)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2017-9371
Assigner-BlackBerry
ShareView Details
Assigner-BlackBerry
CVSS Score-2.6||LOW
EPSS-0.24% / 47.30%
||
7 Day CHG~0.00%
Published-14 Nov, 2017 | 21:00
Updated-22 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.

Action-Not Available
Vendor-BlackBerry Limited
Product-qnx_software_development_platformQNX Software Development Platform (QNX SDP)
CWE ID-CWE-332
Insufficient Entropy in PRNG