Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vxworks
(Windriver)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-05 | CVE-2019-12264 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Vxworks | 7.1 | ||
| 2019-08-14 | CVE-2019-12262 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Vxworks | 9.8 | ||
| 2015-08-04 | CVE-2015-3963 | Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | Vxworks | N/A | ||
| 2020-07-23 | CVE-2020-11440 | httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. | Vxworks | 7.5 | ||
| 2020-04-27 | CVE-2020-10664 | The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. | Vxworks | 7.5 | ||
| 2019-05-29 | CVE-2019-9865 | When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. | Vxworks | 8.1 | ||
| 2017-02-07 | CVE-2015-7599 | Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. | Vxworks | 8.1 | ||
| 2013-03-20 | CVE-2013-0716 | The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. | Vxworks | N/A | ||
| 2013-03-20 | CVE-2013-0715 | The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. | Vxworks | N/A | ||
| 2013-03-20 | CVE-2013-0714 | IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request. | Vxworks | N/A |