threat
engine
.sh
Back
·
··:··
Home
/
Product
/
windriver vxworks
Product
windriver vxworks
61 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-26314
>= 6.0.0 and < 16.2.0
Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute ar
7.8
HIGH
CVE-2024-25088
< 12.5.1
Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary
7.8
HIGH
CVE-2024-25087
< 12.7.0
Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error
5.5
MEDIUM
CVE-2024-25086
< 12.2.0
Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary
7.8
HIGH
CVE-2024-22106
< 12.5.1
Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary co
7.8
HIGH
CVE-2024-22105
< 12.5.1
Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error
5.5
MEDIUM
CVE-2024-22104
< 12.5.1
Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and
5.5
MEDIUM
CVE-2024-22103
< 12.6.0
Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and
5.5
MEDIUM
CVE-2024-22102
< 12.6.0
Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error
5.5
MEDIUM
CVE-2023-51778
< 12.1.0
Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and
5.5
MEDIUM
CVE-2023-51777
< 12.1.0
Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error
5.5
MEDIUM
CVE-2023-51776
< 12.1.0
Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary
7.8
HIGH
CVE-2023-51787
all versions
An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limite
7.5
HIGH
CVE-2023-38346
all versions
An issue was discovered in Wind River VxWorks 6.9 and 7. The function `
tarExtract
` implements TAR file extraction and thereby al
8.8
HIGH
CVE-2022-38767
>= 6.9 and < 6.9.4.12
An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may ca
7.5
HIGH
CVE-2022-23937
all versions
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenar
5.3
MEDIUM
CVE-2021-43268
>= 6.9 and <= 7.0
An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond t
6.5
MEDIUM
CVE-2020-35198
>= 6.9 and < 6.9.4.12
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory bloc
9.8
CRITICAL
CVE-2021-29999
<= 6.8
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.
9.8
CRITICAL
CVE-2021-29998
< 6.5
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
9.8
CRITICAL
CVE-2021-29997
>= 7.0 and < 21.03
An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.
5.3
MEDIUM
CVE-2021-3450
all versions
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4
HIGH
CVE-2016-20009
>= 6.5 and <= 7.0
A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerabilit
9.8
CRITICAL
CVE-2020-28895
>= 6.9 and < 6.9.4.12
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc()
7.3
HIGH
CVE-2020-11440
>= 5.5 and < 7.0
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.
7.5
HIGH
CVE-2020-10664
all versions
The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference.
7.5
HIGH
CVE-2019-12262
all versions
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerabilit
9.8
CRITICAL
CVE-2019-12261
>= 6.5 and < 6.9.4.12
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vul
9.8
CRITICAL
CVE-2019-12260
>= 6.5 and < 6.9.4.12
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability:
9.8
CRITICAL
CVE-2019-12258
>= 6.5 and < 6.9.4.12
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP c
7.5
HIGH
CVE-2019-12255
>= 6.5 and < 6.9.4
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent P
9.8
CRITICAL
CVE-2019-12265
>= 6.5 and < 6.9.4.12
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET securit
5.3
MEDIUM
CVE-2019-12263
>= 6.5 and < 6.9.4.12
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerabili
8.1
HIGH
CVE-2019-12259
>= 6.5 and < 6.9.4.12
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security
7.5
HIGH
CVE-2019-12257
>= 6.5 and < 6.9.4
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: H
8.8
HIGH
CVE-2019-12256
>= 6.5 and < 6.9.4.12
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overfl
9.8
CRITICAL
CVE-2019-12264
all versions
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client
7.1
HIGH
CVE-2019-9865
>= 6.9 and < 6.9.1
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow lead
8.1
HIGH
CVE-2018-10072
< 12.7.0
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf Devic
5.5
MEDIUM
CVE-2018-10071
< 12.8.0
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953826DB Devic
5.5
MEDIUM
CVE-2018-9136
< 12.7.0
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe fil
5.5
MEDIUM
CVE-2018-8821
< 12.8.0
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe fil
5.5
MEDIUM
CVE-2018-5189
< 12.6.0
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileg
7.8
HIGH
CVE-2017-14344
<= 12.5.1
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obt
7.8
HIGH
CVE-2017-14153
<= 12.5.1
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obt
7.8
HIGH
CVE-2017-14075
<= 12.5.1
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obt
7.8
HIGH
CVE-2015-7599
<= 6.9.4.1
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure
8.1
HIGH
CVE-2015-3963
>= 6.5 and <= 6.6
Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ip
CVE-2013-0716
all versions
The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a cra
CVE-2013-0715
all versions
The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI ses
CVE-2013-0714
all versions
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a deni
CVE-2013-0713
all versions
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (d
CVE-2013-0712
all versions
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (d
CVE-2013-0711
all versions
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outa
CVE-2010-2968
<= 6.8
The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it eas
CVE-2010-2967
<= 6.8
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct p
CVE-2010-2966
<= 6.8
The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (a
CVE-2010-2965
<= 6.9.4.12
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT serie
9.8
CRITICAL
CVE-2008-2476
<= 6.4
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4)
CVE-2002-1337
all versions
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields,
CVE-1999-0524
all versions
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
4.0
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin