CVSS: 8.8EPSS: 92%CPEs: 66EXPL: 0CVE-2019-12257
https://notcve.org/view.php?id=CVE-2019-12257
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. Wind River VxWorks versiones 6.6 y 6.9, presenta un Desbordamiento de Búfer en el componente cliente DHCP. Se presenta una vulnerabilidad de seguridad de IPNET: Desbordamiento de la pila en análisis Offer/ACK de DHCP dentro de ipdhcpc. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12257 https://support2.windriver.com/index.php?page=security-notices https://www.windriver.com/security/announcements/tcp-ip-network- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 50EXPL: 0CVE-2019-12264
https://notcve.org/view.php?id=CVE-2019-12264
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. Wind River VxWorks versiones 6.6, 6.7, 6.8, 6.9.3, 6.9.4 y Vx7 tiene un control de acceso incorrecto en la asignación de IPv4 por el componente de cliente ipdhcpc DHCP. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://support.f5.com/csp/article/K41190253 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12264 https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2509
https://notcve.org/view.php?id=CVE-2016-2509
The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network. La funcionalidad password-sync en switches Belden Hirschmann Classic Platform L2B en versiones anteriores a 05.3.07 y L2E, L2P, L3E y L3P en versiones anteriores a 09.0.06 establece una comunidad SNMP a la misma cadena que la contraseña de administrador, lo que permite a atacantes remotos obtener información sensible husmeando la red. • http://www.kb.cert.org/vuls/id/507216 https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •