Total
37 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-20009 | 2 Siemens, Windriver | 15 Sgt-100, Sgt-100 Firmware, Sgt-200 and 12 more | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-38767 | 1 Windriver | 1 Vxworks | 2024-02-04 | N/A | 7.5 HIGH |
An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. | |||||
CVE-2022-23937 | 1 Windriver | 1 Vxworks | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. | |||||
CVE-2021-43268 | 1 Windriver | 1 Vxworks | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. | |||||
CVE-2020-35198 | 2 Oracle, Windriver | 2 Communications Eagle, Vxworks | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. | |||||
CVE-2021-29999 | 1 Windriver | 1 Vxworks | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server. | |||||
CVE-2021-29998 | 2 Siemens, Windriver | 69 Ruggedcom Win Subscriber Station, Ruggedcom Win Subscriber Station Firmware, Scalance X200-4 P Irt and 66 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client. | |||||
CVE-2021-29997 | 1 Windriver | 1 Vxworks | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE. | |||||
CVE-2020-28895 | 2 Oracle, Windriver | 2 Communications Eagle, Vxworks | 2024-02-04 | 7.5 HIGH | 7.3 HIGH |
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. | |||||
CVE-2020-10288 | 2 Abb, Windriver | 4 Irb140, Irc5, Robotware and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted. | |||||
CVE-2020-10664 | 1 Windriver | 1 Vxworks | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. | |||||
CVE-2020-11440 | 1 Windriver | 1 Vxworks | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. | |||||
CVE-2019-12261 | 6 Belden, Netapp, Oracle and 3 more | 51 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 48 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. | |||||
CVE-2019-12257 | 5 Belden, Netapp, Siemens and 2 more | 46 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 43 more | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. | |||||
CVE-2019-12256 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. | |||||
CVE-2019-9865 | 1 Windriver | 1 Vxworks | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. | |||||
CVE-2019-12259 | 4 Belden, Siemens, Sonicwall and 1 more | 49 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 46 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | |||||
CVE-2019-12262 | 3 Belden, Siemens, Windriver | 42 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 39 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). | |||||
CVE-2019-12263 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | |||||
CVE-2019-12255 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. |