CVSS: 8.1EPSS: 1%CPEs: 71EXPL: 0CVE-2019-12263
https://notcve.org/view.php?id=CVE-2019-12263
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. Wind River VxWorks versiones 6.9.4 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 4 de 4). Se presenta una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer debido a una condición de carrera. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12263 https://support2.windriver.com/index.php?page=security-notices&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2019-12259
https://notcve.org/view.php?id=CVE-2019-12259
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. Wind River VxWorks versiones 6.6, 6.7 , 6.8, 6.9 y vx7, presenta un error de índice de matriz en el componente cliente IGMPv3. Se presenta una vulnerabilidad de seguridad de IPNET: DoS por medio de una desreferencia de NULL en el análisis IGMP. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12259 https://support2.windriver.com/index.php?page=security-notices&# • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 6%CPEs: 70EXPL: 0CVE-2019-12256
https://notcve.org/view.php?id=CVE-2019-12256
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. Wind River VxWorks 6.9 y vx7 tiene un desbordamiento de búfer en el componente IPv4. Existe una vulnerabilidad de seguridad IPNET: desbordamiento de pila en el análisis de las opciones IP de los paquetes IPv4. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12256 https://support2.windriver.com/index.php?page=security-notices&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 92%CPEs: 66EXPL: 0CVE-2019-12257
https://notcve.org/view.php?id=CVE-2019-12257
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. Wind River VxWorks versiones 6.6 y 6.9, presenta un Desbordamiento de Búfer en el componente cliente DHCP. Se presenta una vulnerabilidad de seguridad de IPNET: Desbordamiento de la pila en análisis Offer/ACK de DHCP dentro de ipdhcpc. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12257 https://support2.windriver.com/index.php?page=security-notices https://www.windriver.com/security/announcements/tcp-ip-network- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-7476
https://notcve.org/view.php?id=CVE-2019-7476
A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. Una vulnerabilidad en SonicWall Global Management System (GMS) permite a un atacante remoto obtener acceso empleando una clave SSH existente. Esta vulnerabilidad afecta las versiones de GMS 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0004 • CWE-284: Improper Access Control CWE-1188: Initialization of a Resource with an Insecure Default •