CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29999
https://notcve.org/view.php?id=CVE-2021-29999
13 Apr 2021 — An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server. Se detectó un problema en Wind River VxWorks versiones hasta 6.8. Se presenta un posible desbordamiento de pila en el servidor DHCP • https://support2.windriver.com/index.php?page=security-notices • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 1CVE-2016-20009
https://notcve.org/view.php?id=CVE-2016-20009
11 Mar 2021 — A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Un desbordamiento del búfer en la región stack de la memoria del cliente DNS en la función ipdnsc_decode_name() afecta a Wind River VxWorks versiones 6.5 hasta 7. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor • https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11440
https://notcve.org/view.php?id=CVE-2020-11440
23 Jul 2020 — httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. httpRpmFs en WebCLI en Wind River VxWorks versiones 5.5 hasta 7 SR0640, no comprueba si se presenta un escape de la web root • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-11440 •
CVSS: 9.8EPSS: 0%CPEs: 49EXPL: 0CVE-2019-12262
https://notcve.org/view.php?id=CVE-2019-12262
14 Aug 2019 — Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). Wind River VxWorks versiones 6.6, 6.7, 6.8, 6.9 y 7, presenta un Control de Acceso Incorrecto en el componente cliente RARP. Vulnerabilidad de seguridad IPNET: Manejo de respuestas Reverse ARP no solicitadas (Fallo Lógico). • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf •
CVSS: 9.8EPSS: 2%CPEs: 72EXPL: 0CVE-2019-12261
https://notcve.org/view.php?id=CVE-2019-12261
09 Aug 2019 — Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. Wind River VxWorks versiones 6.7 hasta 6.9 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 3 de 4). Se trata de una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer durante la función connect() a un host remoto. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 7%CPEs: 72EXPL: 0CVE-2019-12260
https://notcve.org/view.php?id=CVE-2019-12260
09 Aug 2019 — Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. Wind River VxWorks versiones 6.9 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 2 de 4). Se trata de una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer causada por una opción AO de TCP malformada. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 38%CPEs: 71EXPL: 1CVE-2019-12258 – URGENT/11 Scanner, Based on Detection Tool by Armis
https://notcve.org/view.php?id=CVE-2019-12258
09 Aug 2019 — Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. Wind River VxWorks versiones 6.6 hasta vx7, presenta una Fijación de Sesión en el componente TCP. Se trata de una vulnerabilidad de seguridad de IPNET: DoS de la conexión TCP por medio de opciones TCP malformadas. • https://packetstorm.news/files/id/180933 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 56%CPEs: 72EXPL: 4CVE-2019-12255 – VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
https://notcve.org/view.php?id=CVE-2019-12255
09 Aug 2019 — Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Wind River VxWorks presenta un desbordamiento de búfer en el componente TCP (problema 1 de 4). Esta es una vulnerabilidad de seguridad de IPNET: TCP Urgent Pointer = 0 que conduce a un desbordamiento de enteros. VxWorks version 6.8 suffers from an integer underflow vulnerability. • https://packetstorm.news/files/id/154022 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 1%CPEs: 73EXPL: 0CVE-2019-12265
https://notcve.org/view.php?id=CVE-2019-12265
09 Aug 2019 — Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. Wind River VxWorks versiones 6.5, 6.6, 6.7, 6.8, 6.9.3 y 6.9.4, presenta una Pérdida de Memoria en el componente cliente IGMPv3. Se presenta una vulnerabilidad de seguridad de IPNET: Un filtrado de información de IGMP por medio de un reporte de membresía específico de IGMPv3. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.1EPSS: 1%CPEs: 71EXPL: 0CVE-2019-12263
https://notcve.org/view.php?id=CVE-2019-12263
09 Aug 2019 — Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. Wind River VxWorks versiones 6.9.4 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 4 de 4). Se presenta una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer debido a una condición de carrera. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •