CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28895 – integer overflow in calloc
https://notcve.org/view.php?id=CVE-2020-28895
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. En Wind River VxWorks, el asignador de memoria presenta un posible desbordamiento en el calculo del tamaño del bloque de memoria que se asignará por medio de la función calloc(). Como resultado, la memoria real asignada es menor que el tamaño del búfer especificado por los argumentos, conllevando a una corrupción en la memoria • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-28895 https://support2.windriver.com/index.php?page=defects&on=view&id=V7LIBC-1327 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11440
https://notcve.org/view.php?id=CVE-2020-11440
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. httpRpmFs en WebCLI en Wind River VxWorks versiones 5.5 hasta 7 SR0640, no comprueba si se presenta un escape de la web root • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-11440 https://windriver.com •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-10288 – RVD#3327: No authentication required for accesing ABB IRC5 FTP server
https://notcve.org/view.php?id=CVE-2020-10288
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted. IRC5 expone un servidor ftp (puerto 21). Al intentar conseguir acceso, se le solicita una petición de nombre de usuario y contraseña, sin embargo, puede ingresar lo que desee. • https://github.com/aliasrobotics/RVD/issues/3327 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10664
https://notcve.org/view.php?id=CVE-2020-10664
The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. El componente IGMP en VxWorks versiones 6.8.3 parches de CVE del IPNET creados en 2019, tiene una Desreferencia del Puntero NULL. • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-10664 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 49EXPL: 0CVE-2019-12262
https://notcve.org/view.php?id=CVE-2019-12262
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). Wind River VxWorks versiones 6.6, 6.7, 6.8, 6.9 y 7, presenta un Control de Acceso Incorrecto en el componente cliente RARP. Vulnerabilidad de seguridad IPNET: Manejo de respuestas Reverse ARP no solicitadas (Fallo Lógico). • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12262 •