CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51787
https://notcve.org/view.php?id=CVE-2023-51787
15 Feb 2024 — An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak. Se descubrió un problema en Wind River VxWorks 7 22.09 y 23.03. Si se cierra una tarea de VxWorks o un subproceso POSIX que utiliza OpenSSL, la memoria limitada por tarea no se libera, lo que genera una pérdida de memoria. • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-51787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-38346
https://notcve.org/view.php?id=CVE-2023-38346
22 Sep 2023 — An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which i... • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-38767
https://notcve.org/view.php?id=CVE-2022-38767
25 Nov 2022 — An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. Se descubrió un problema en Wind River VxWorks 6.9 y 7, que permite que un paquete específicamente manipulado enviado por un servidor Radius pueda causar denegación de servicio durante el procedimiento de acceso a IP Radius. • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2022-38767 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23937
https://notcve.org/view.php?id=CVE-2022-23937
29 Mar 2022 — In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. En Wind River VxWorks versiones 6.9 y 7, un paquete diseñado específico puede provocar una lectura fuera de límites durante un escenario de intercambio inicial de IKE • https://support2.windriver.com/index.php?page=cve&pg=21#list • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43268
https://notcve.org/view.php?id=CVE-2021-43268
24 Nov 2021 — An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. Se ha detectado un problema en VxWorks versiones 6.9 a 7. En el componente IKE, un paquete específicamente diseñado puede conllevar a una lectura más allá del final de un búfer, o una doble liberación • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-43268 • CWE-415: Double Free •
CVSS: 9.8EPSS: 2%CPEs: 8EXPL: 0CVE-2020-35198
https://notcve.org/view.php?id=CVE-2020-35198
12 May 2021 — An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. Se detectó un problema en Wind River VxWorks versión 7. El asignador de memoria presenta un posible desbordamiento de enteros al calcular el tamaño de un bloque de memoria que es asignado por una función calloc().... • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-35198 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29997
https://notcve.org/view.php?id=CVE-2021-29997
13 Apr 2021 — An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE. Se detectó un problema en Wind River VxWorks 7 antes de la versión 21.03. Un paquete especialmente diseñado puede provocar una sobrelectura del búfer en IKE. • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-29997 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29999
https://notcve.org/view.php?id=CVE-2021-29999
13 Apr 2021 — An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server. Se detectó un problema en Wind River VxWorks versiones hasta 6.8. Se presenta un posible desbordamiento de pila en el servidor DHCP • https://support2.windriver.com/index.php?page=security-notices • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 71EXPL: 0CVE-2021-29998
https://notcve.org/view.php?id=CVE-2021-29998
13 Apr 2021 — An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client. Se detectó un problema en Wind River VxWorks versiones anteriores a 6.5. Se presenta un posible desbordamiento de la pila en el cliente dhcp • https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •