Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vxworks
(Windriver)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-08-04 | CVE-2015-3963 | Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | Vxworks | N/A | ||
| 2020-07-23 | CVE-2020-11440 | httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. | Vxworks | 7.5 | ||
| 2021-04-13 | CVE-2021-29997 | An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE. | Vxworks | 5.3 | ||
| 2021-04-13 | CVE-2021-29999 | An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server. | Vxworks | 9.8 | ||
| 2020-04-27 | CVE-2020-10664 | The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. | Vxworks | 7.5 | ||
| 2019-05-29 | CVE-2019-9865 | When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. | Vxworks | 8.1 | ||
| 2017-02-07 | CVE-2015-7599 | Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. | Vxworks | 8.1 | ||
| 2013-03-20 | CVE-2013-0716 | The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. | Vxworks | N/A | ||
| 2013-03-20 | CVE-2013-0715 | The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. | Vxworks | N/A | ||
| 2013-03-20 | CVE-2013-0714 | IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request. | Vxworks | N/A |