Lucene search
+L

552 matches found

CVE
CVE
added 2024/02/15 12:0 a.m.94 views

CVE-2023-51787

CVE-2023-51787 affects Wind River VxWorks 7 22.09 and 23.03. The issue occurs when a VxWorks task or POSIX thread that uses OpenSSL exits, causing the per‑task memory not to be freed and resulting in a memory leak. The described impact is a memory availability concern (high severity per CVSS) but...

7.5CVSS6.8AI score0.00487EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/15 12:0 a.m.30 views

CVE-2023-51787

An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak...

6.8AI score0.00487EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/12/18 12:0 a.m.25 views

Mitsubishi Electric MELSEC-Q Series C Controller Module Denial of Service and Malicious Code Execution (CVE-2021-29998)

Denial of Service and Malicious Code Execution Vulnerability exists in DHCP client function of VxWorks version 6.4, a real-time OS distributed by Wind River. A remote attacker may cause a denial of service DoS condition or execute malicious code on a target product by sending specially crafted...

9.8CVSS8.7AI score0.02373EPSS
Exploits0References3
ICS
ICS
added 2023/11/14 12:0 a.m.52 views

Siemens SIPROTEC 4 7SJ66

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.3AI score0.7525EPSS
Exploits7References12
Tenable Nessus
Tenable Nessus
added 2023/09/29 12:0 a.m.20 views

Hitachi Energys RTU500 Series Product Out-of-Bounds Read (CVE-2022-23937)

A vulnerability exists in the Wind River VxWorks version 6.9 that affects the RTU500 series product versions listed below. RTU500 series CMU Firmware versions 12.0.1 – 12.0.14 12.2.1 – 12.2.11 12.4.1 – 12.4.11 12.6.1 – 12.6.8 12.7.1 – 12.7.5 13.2.1 – 13.2.5 13.3.1 – 13.3.3 13.4.1 In...

9.8CVSS7.6AI score0.87816EPSS
Exploits3References5
BDU FSTEC
BDU FSTEC
added 2023/09/26 12:0 a.m.7 views

The vulnerability of the tarExtract function in real-time operating systems like Wind River VxWorks allows attackers to execute arbitrary commands.

The vulnerability of the tarExtract function in real-time operating systems like Wind River VxWorks relates to the ability to bypass the directory structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by introducing a malicious tar file...

8.3CVSS7.9AI score0.01239EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/09/22 7:15 p.m.6 views

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

8.8CVSS7.4AI score0.01239EPSS
Exploits1References4
OSV
OSV
added 2023/09/22 7:15 p.m.5 views

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

8.8CVSS5.8AI score0.01239EPSS
Exploits1References3
NVD
NVD
added 2023/09/22 7:15 p.m.25 views

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

8.8CVSS8.6AI score0.01239EPSS
Exploits1References3
Prion
Prion
added 2023/09/22 7:15 p.m.16 views

Directory traversal

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

6.5CVSS8.5AI score0.01239EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/09/22 12:0 a.m.25 views

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

8.8AI score0.01239EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/09/22 12:0 a.m.15 views

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

6.8AI score0.01239EPSS
Exploits1References3
CVE
CVE
added 2023/09/22 12:0 a.m.56 views

CVE-2023-38346

Wind River VxWorks 6.9 and 7 are affected by CVE-2023-38346 due to the tarExtract function handling TAR archives without proper path validation, which may allow directory traversal and unintended behavior. The issue arises from tarExtract processing files with relative or absolute paths and not c...

8.8CVSS8.5AI score0.01239EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.6 views

Wind River VxWorks Path Traversal Vulnerability

Wind River VxWorks is an operating system from Wind River Systems, Inc. the industry-leading real-time operating system for building embedded devices and systems. A security vulnerability exists in Wind River VxWorks that stems from a flaw in the tarExtract function that could lead to unexpected...

8.8CVSS6.7AI score0.01239EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.9 views

PT-2023-5463 · Wind River · Vxworks

Name of the Vulnerable Software and Affected Versions: Wind River VxWorks versions 6.9 through 7 Description: An issue was discovered in the tarExtract function, which implements TAR file extraction and processes files within an archive that have relative or absolute file paths. This could lead t...

8.8CVSS8AI score0.01239EPSS
Exploits1References15
BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.8 views

The vulnerability of the IKE protocol implementation in real-time operating systems like Wind River VxWorks allows attackers to trigger service failures or gain access to confidential information.

The vulnerability of the IKE protocol implementation in real-time operating systems like Wind River VxWorks relates to reading beyond the boundary. Exploiting this vulnerability can allow a malicious actor to cause service failures or gain access to confidential information...

7.8CVSS7.2AI score0.00994EPSS
Exploits0References5Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.28 views

Siemens RADIUS Client of SIPROTEC 5 Devices Loop with Unreachable Exit Condition (CVE-2022-38767)

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.5CVSS7.5AI score0.01028EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/05/13 2:14 a.m.5 views

SUSE CVE-2005-3804

Cisco IP Phone VoIP 7920 1.08 listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service...

6.4CVSS6.8AI score0.02495EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/05/10 12:0 a.m.36 views

ABB Improper Neutralization of Argument Delimiters in a Command in Wind River VxWorks (CVE-2019-12262)

Wind River is the provider of a real time operating system called VxWorks which is used in the embedded software of the PM 877 Controller. Wind River has announced security vulnerabilities in the VxWorks TCP/IP stack IPnet and management of memory block size Bad Alloc. The controller PM 877 is...

9.8CVSS9AI score0.04116EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/05/10 12:0 a.m.32 views

ABB Concurrent Execution Using Shared Resource with Improper Synchronization in Wind River VxWorks (CVE-2019-12263)

Wind River is the provider of a real time operating system called VxWorks which is used in the embedded software of the PM 877 Controller. Wind River has announced security vulnerabilities in the VxWorks TCP/IP stack IPnet and management of memory block size Bad Alloc. The controller PM 877 is...

8.1CVSS8.9AI score0.03189EPSS
Exploits0References4
Rows per page
Query Builder