Vxworks@7.0 Security Vulnerabilities and Issues — Vxworks@7.0 CVE List

Lucene search

WindriverVxworks7.0

13 matches found

CVE•added 2019/08/09 8:15 p.m.•258 views

CVE-2019-12258

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

7.5CVSS8.4AI score0.15025EPSS

CVE•added 2019/08/09 9:15 p.m.•252 views

CVE-2019-12261

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.

9.8CVSS9.2AI score0.17176EPSS

CVE•added 2019/08/09 9:15 p.m.•207 views

CVE-2019-12260

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

9.8CVSS9.3AI score0.26195EPSS

CVE•added 2019/08/09 7:15 p.m.•192 views

CVE-2019-12263

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.

8.1CVSS8.7AI score0.01439EPSS

CVE•added 2019/08/09 7:15 p.m.•168 views

CVE-2019-12259

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

7.5CVSS8.5AI score0.30047EPSS

CVE•added 2019/08/09 7:15 p.m.•146 views

CVE-2019-12265

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.

5.3CVSS7AI score0.16528EPSS

CVE•added 2019/08/14 8:15 p.m.•118 views

CVE-2019-12262

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).

9.8CVSS9.3AI score0.00421EPSS

CVE•added 2019/08/05 6:15 p.m.•101 views

CVE-2019-12264

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.

7.1CVSS8.2AI score0.00284EPSS

CVE•added 2022/03/29 2:15 a.m.•78 views

CVE-2022-23937

In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.

7.5CVSS7.3AI score0.00184EPSS

CVE•added 2015/08/04 1:59 a.m.•62 views

CVE-2015-3963

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, whic...

5.8CVSS5.1AI score0.04705EPSS

CVE•added 2022/11/25 3:15 p.m.•52 views

CVE-2022-38767

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.

7.5CVSS7.4AI score0.00104EPSS

CVE•added 2020/07/23 2:15 p.m.•46 views

CVE-2020-11440

httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.

7.5CVSS7.6AI score0.00322EPSS

CVE•added 2023/09/22 7:15 p.m.•36 views

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading s...

8.8CVSS8.5AI score0.0123EPSS