CVE-2016-20009
https://notcve.org/view.php?id=CVE-2016-20009
A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Un desbordamiento del búfer en la región stack de la memoria del cliente DNS en la función ipdnsc_decode_name() afecta a Wind River VxWorks versiones 6.5 hasta 7. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor • https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdf • CWE-787: Out-of-bounds Write •
CVE-2020-11440
https://notcve.org/view.php?id=CVE-2020-11440
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. httpRpmFs en WebCLI en Wind River VxWorks versiones 5.5 hasta 7 SR0640, no comprueba si se presenta un escape de la web root • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-11440 https://windriver.com •
CVE-2020-10664
https://notcve.org/view.php?id=CVE-2020-10664
The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. El componente IGMP en VxWorks versiones 6.8.3 parches de CVE del IPNET creados en 2019, tiene una Desreferencia del Puntero NULL. • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-10664 • CWE-476: NULL Pointer Dereference •
CVE-2019-12262
https://notcve.org/view.php?id=CVE-2019-12262
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). Wind River VxWorks versiones 6.6, 6.7, 6.8, 6.9 y 7, presenta un Control de Acceso Incorrecto en el componente cliente RARP. Vulnerabilidad de seguridad IPNET: Manejo de respuestas Reverse ARP no solicitadas (Fallo Lógico). • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12262 •
CVE-2019-12261
https://notcve.org/view.php?id=CVE-2019-12261
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. Wind River VxWorks versiones 6.7 hasta 6.9 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 3 de 4). Se trata de una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer durante la función connect() a un host remoto. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12261 https://support2.windriver.com/index.php?page=security-notices • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •