VYPR

VxWorks

by Wind River

CVEs (40)

  • CVE-2021-29999 (Apr 13, 2021)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in the DHCP server.

  • CVE-2021-29998 (Apr 13, 2021)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in the DHCP client.

  • CVE-2016-20009 (Mar 11, 2021)
    risk 0.00 | cvss | epss 0.02

    A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2020-28895 (Feb 3, 2021)
    risk 0.00 | cvss | epss 0.01

    In Wind River VxWorks, the memory allocator has a possible overflow in calculating the size of the memory block to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

  • CVE-2020-11440 (Jul 23, 2020)
    risk 0.00 | cvss | epss 0.01

    httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.

  • CVE-2020-10664 (Apr 27, 2020)
    risk 0.00 | cvss | epss 0.01

    The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference.

  • CVE-2019-12262 (Aug 14, 2019)
    risk 0.00 | cvss | epss 0.04

    Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).

  • CVE-2019-12263 (Aug 9, 2019)
    risk 0.00 | cvss | epss 0.03

    Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.

  • CVE-2019-12264 (Aug 5, 2019)
    risk 0.00 | cvss | epss 0.08

    Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.

  • CVE-2019-9865 (May 29, 2019)
    risk 0.00 | cvss | epss 0.02

    When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

  • CVE-2015-3963 (Aug 4, 2015)
    risk 0.00 | cvss | epss 0.04

    Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence…

  • CVE-2013-0716 (Mar 20, 2013)
    risk 0.00 | cvss | epss 0.02

    The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.

  • CVE-2013-0715 (Mar 20, 2013)
    risk 0.00 | cvss | epss 0.02

    The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.

  • CVE-2013-0713 (Mar 20, 2013)
    risk 0.00 | cvss | epss 0.02

    IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.

  • CVE-2013-0712 (Mar 20, 2013)
    risk 0.00 | cvss | epss 0.03

    IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.

  • CVE-2013-0711 (Mar 20, 2013)
    risk 0.00 | cvss | epss 0.03

    IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.

  • CVE-2010-2968 (Aug 5, 2010)
    risk 0.00 | cvss | epss 0.01

    The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

  • CVE-2010-2967 (Aug 5, 2010)
    risk 0.00 | cvss | epss 0.02

    The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

  • CVE-2010-2966 (Aug 5, 2010)
    risk 0.00 | cvss | epss 0.02

    The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2)…

  • CVE-2008-2476 (Oct 3, 2008)
    risk 0.00 | cvss | epss 0.07

    The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery…

Page 2 of 2