Every CVE whose affected-product data names Windriver Vxworks, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2013-0714 — CVSS 10.0 (critical): IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2010-2965 — CVSS 9.8 (critical): The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with…
CVE-2021-29999 — CVSS 9.8 (critical): An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.
CVE-2021-29998 — CVSS 9.8 (critical): An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
CVE-2020-35198 — CVSS 9.8 (critical): An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size…
CVE-2019-12262 — CVSS 9.8 (critical): Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability…
CVE-2019-12261 — CVSS 9.8 (critical): Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security…
CVE-2019-12260 — CVSS 9.8 (critical): Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP…
CVE-2019-12256 — CVSS 9.8 (critical): Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the…
CVE-2016-20009 — CVSS 9.8 (critical): A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only…
CVE-2019-12255 — CVSS 9.8 (critical): Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer =…
CVE-2008-2476 — CVSS 9.3 (critical): The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10…
CVE-2019-12257 — CVSS 8.8 (high): Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap…
CVE-2023-38346 — CVSS 8.8 (high): An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also…
CVE-2015-7599 — CVSS 8.1 (high): Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call…
CVE-2019-12263 — CVSS 8.1 (high): Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP…
CVE-2019-9865 — CVSS 8.1 (high): When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an…
CVE-2013-0711 — CVSS 7.8 (high): IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a…
CVE-2010-2968 — CVSS 7.8 (high): The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for…
CVE-2010-2966 — CVSS 7.8 (high): The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka…
CVE-2010-2967 — CVSS 7.8 (high): The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible…
CVE-2019-12258 — CVSS 7.5 (high): Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection…
CVE-2019-12259 — CVSS 7.5 (high): Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security…
CVE-2023-51787 — CVSS 7.5 (high): An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited…
CVE-2020-10664 — CVSS 7.5 (high): The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference.
CVE-2020-11440 — CVSS 7.5 (high): httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.
CVE-2022-38767 — CVSS 7.5 (high): An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause…
CVE-2020-28895 — CVSS 7.3 (high): In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a…
CVE-2019-12264 — CVSS 7.1 (high): Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client…
CVE-2013-0712 — CVSS 6.8 (medium): IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon…
CVE-2013-0713 — CVSS 6.8 (medium): IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon…
CVE-2021-43268 — CVSS 6.5 (medium): An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of…
CVE-2015-3963 — CVSS 5.8 (medium): Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7…
CVE-2019-12265 — CVSS 5.3 (medium): Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security…
CVE-2021-29997 — CVSS 5.3 (medium): An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.
CVE-2022-23937 — CVSS 5.3 (medium): In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.
CVE-2013-0716 — CVSS 5.0 (medium): The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.
CVE-2013-0715 — CVSS 4.0 (medium): The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session…