RSS   Vulnerabilities for 'Vxworks'   RSS

2021-11-24
 
CVE-2021-43268

CWE-415
 

 
An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.

 
2021-04-13
 
CVE-2021-29999

CWE-787
 

 
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.

 
 
CVE-2021-29998

CWE-787
 

 
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.

 
 
CVE-2021-29997

CWE-611
 

 
XML External Entity Resolution (XXE) in Helix ALM. The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.

 
2021-03-11
 
CVE-2016-20009

CWE-787
 

 
** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

 
2021-02-03
 
CVE-2020-28895

CWE-120
 

 
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

 
2020-07-23
 
CVE-2020-11440

CWE-200
 

 
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.

 
2020-04-27
 
CVE-2020-10664

CWE-476
 

 
The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference.

 
2019-08-14
 
CVE-2019-12262

CWE-284
 

 
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).

 
2019-08-09
 
CVE-2019-12261

CWE-119
 

 
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.

 


Copyright 2021, cxsecurity.com

 

Back to Top