CVSS: 8.1EPSS: 1%CPEs: 71EXPL: 0CVE-2019-12263
https://notcve.org/view.php?id=CVE-2019-12263
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. Wind River VxWorks versiones 6.9.4 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 4 de 4). Se presenta una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer debido a una condición de carrera. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12263 https://support2.windriver.com/index.php?page=security-notices&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2019-12259
https://notcve.org/view.php?id=CVE-2019-12259
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. Wind River VxWorks versiones 6.6, 6.7 , 6.8, 6.9 y vx7, presenta un error de índice de matriz en el componente cliente IGMPv3. Se presenta una vulnerabilidad de seguridad de IPNET: DoS por medio de una desreferencia de NULL en el análisis IGMP. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12259 https://support2.windriver.com/index.php?page=security-notices&# • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 6%CPEs: 70EXPL: 0CVE-2019-12256
https://notcve.org/view.php?id=CVE-2019-12256
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. Wind River VxWorks 6.9 y vx7 tiene un desbordamiento de búfer en el componente IPv4. Existe una vulnerabilidad de seguridad IPNET: desbordamiento de pila en el análisis de las opciones IP de los paquetes IPv4. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12256 https://support2.windriver.com/index.php?page=security-notices&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 92%CPEs: 66EXPL: 0CVE-2019-12257
https://notcve.org/view.php?id=CVE-2019-12257
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. Wind River VxWorks versiones 6.6 y 6.9, presenta un Desbordamiento de Búfer en el componente cliente DHCP. Se presenta una vulnerabilidad de seguridad de IPNET: Desbordamiento de la pila en análisis Offer/ACK de DHCP dentro de ipdhcpc. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://security.netapp.com/advisory/ntap-20190802-0001 https://support.f5.com/csp/article/K41190253 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12257 https://support2.windriver.com/index.php?page=security-notices https://www.windriver.com/security/announcements/tcp-ip-network- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2015-3447
https://notcve.org/view.php?id=CVE-2015-3447
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. Múltiples vulnerabilidades de XSS en macIpSpoofView.html en Dell SonicWall SonicOS 7.5.0.12 y 6.x permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro (1) searchSpoof o (2) searchSpoofIpDet. • http://seclists.org/fulldisclosure/2015/Apr/97 http://www.securityfocus.com/archive/1/535393/100/0/threaded http://www.securityfocus.com/bid/74406 http://www.securitytracker.com/id/1032204 http://www.vulnerability-lab.com/get_content.php?id=1359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •