Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 20 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-35198

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

Published: May 12, 2021; 7:15:07 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-20009

** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published: March 11, 2021; 5:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-28895

In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

Published: February 03, 2021; 11:15:13 AM -0500
V3.1: 7.3 HIGH
V2.0: 7.5 HIGH
CVE-2020-11440

httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.

Published: July 23, 2020; 10:15:12 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-12262

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).

Published: August 14, 2019; 4:15:11 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-12260

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

Published: August 09, 2019; 5:15:11 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-12258

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

Published: August 09, 2019; 4:15:11 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-12255

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.

Published: August 09, 2019; 4:15:11 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-12259

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

Published: August 09, 2019; 3:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-12257

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

Published: August 09, 2019; 2:15:11 PM -0400
V3.0: 8.8 HIGH
V2.0: 5.8 MEDIUM
CVE-2019-12256

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.

Published: August 09, 2019; 2:15:11 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-9865

When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

Published: May 29, 2019; 1:29:00 PM -0400
V3.0: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2015-7599

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.

Published: February 07, 2017; 12:59:00 PM -0500
V3.0: 8.1 HIGH
V2.0: 9.3 HIGH
CVE-2015-3963

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Published: August 03, 2015; 9:59:07 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-0716

The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.

Published: March 20, 2013; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-0715

The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.

Published: March 20, 2013; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-0714

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.

Published: March 20, 2013; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-0713

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.

Published: March 20, 2013; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0712

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.

Published: March 20, 2013; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0711

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.

Published: March 20, 2013; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH