CVE Tools

windriver

Operating Systemscommercial

26

Cumulative CVEs

6

Monthly snapshots

#25

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting windriver.

CVE-2023-51787An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak.7.5Feb 15, 2024
CVE-2023-38346An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute...8.8Sep 22, 2023
CVE-2022-38767An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.7.5Nov 25, 2022
CVE-2022-23937In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.5.3Mar 29, 2022
CVE-2021-43268An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.6.5Nov 24, 2021
CVE-2020-35198An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memor...9.8May 12, 2021
CVE-2021-29997An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.5.3Apr 13, 2021
CVE-2021-29999An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.9.8Apr 13, 2021
CVE-2021-29998An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.9.8Apr 13, 2021
CVE-2021-3450CA certificate check bypass with X509_V_FLAG_X509_STRICT7.4Mar 25, 2021
CVE-2016-20009A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer9.8Mar 11, 2021
CVE-2020-28895integer overflow in calloc7.3Feb 3, 2021
CVE-2020-11440httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.7.5Jul 23, 2020
CVE-2020-10664The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference.7.5Apr 27, 2020
CVE-2019-12262Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).9.8Aug 14, 2019