CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2019-12259
https://notcve.org/view.php?id=CVE-2019-12259
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. Wind River VxWorks versiones 6.6, 6.7 , 6.8, 6.9 y vx7, presenta un error de índice de matriz en el componente cliente IGMPv3. Se presenta una vulnerabilidad de seguridad de IPNET: DoS por medio de una desreferencia de NULL en el análisis IGMP. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12259 https://support2.windriver.com/index.php?page=security-notices&# • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 6%CPEs: 70EXPL: 0CVE-2019-12256
https://notcve.org/view.php?id=CVE-2019-12256
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. Wind River VxWorks 6.9 y vx7 tiene un desbordamiento de búfer en el componente IPv4. Existe una vulnerabilidad de seguridad IPNET: desbordamiento de pila en el análisis de las opciones IP de los paquetes IPv4. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12256 https://support2.windriver.com/index.php?page=security-notices&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 92%CPEs: 66EXPL: 0CVE-2019-12257
https://notcve.org/view.php?id=CVE-2019-12257
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. Wind River VxWorks versiones 6.6 y 6.9, presenta un Desbordamiento de Búfer en el componente cliente DHCP. Se presenta una vulnerabilidad de seguridad de IPNET: Desbordamiento de la pila en análisis Offer/ACK de DHCP dentro de ipdhcpc. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12257 https://support2.windriver.com/index.php?page=security-notices https://www.windriver.com/security/announcements/tcp-ip-network- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 50EXPL: 0CVE-2019-12264
https://notcve.org/view.php?id=CVE-2019-12264
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. Wind River VxWorks versiones 6.6, 6.7, 6.8, 6.9.3, 6.9.4 y Vx7 tiene un control de acceso incorrecto en la asignación de IPv4 por el componente de cliente ipdhcpc DHCP. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://support.f5.com/csp/article/K41190253 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12264 https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 0CVE-2019-9865
https://notcve.org/view.php?id=CVE-2019-9865
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. Cuando RPC está habilitado en Wind River VxWorks versión 6.9 anterior a la versión 6.9.1, una petición RPC especialmente creada puede desencadenar un desbordamiento de enteros que conlleva a una copia de memoria fuera de límites. Puede permitir que los atacantes remotos generen una Denegación de Servicio (DoS) (bloqueo) o potencialmente ejecuten un código arbitrario. • https://support2.windriver.com/index.php?page=security-notices https://www.windriver.com/feeds/wind_river_security_notices.xml • CWE-190: Integer Overflow or Wraparound •