Wind River VxWorks 6.9
Approved changes feed: RSS · Atom
cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*
part: o version: 6.9 update: *
| Vendor | Windriver (1c9d3e00-99c4-5be7-a4c6-5cc8709ef134) |
|---|---|
| Product | Vxworks (437ab3e0-0513-5f7d-b676-0a34e46c28dc) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-38346 |
vulnerable | 2026-06-08 06:08:17.633202 |
Details available
An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.
Published: 2023-09-22T00:00:00.000Z
Updated: 2024-09-25T15:13:20.054Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-23937 |
vulnerable | 2026-06-08 05:40:59.362989 |
Details available
MEDIUM (5.3)
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.
Published: 2022-03-29T01:21:06.000Z
Updated: 2024-08-03T03:59:23.097Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12262 |
vulnerable | 2026-06-08 05:12:38.832634 |
Details available
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).
Published: 2019-08-14T19:18:13.000Z
Updated: 2024-08-04T23:17:39.465Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-7599 |
vulnerable | 2026-06-08 05:07:01.501978 |
Details available
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.
Published: 2017-02-07T17:00:00.000Z
Updated: 2024-08-06T07:51:28.614Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-0716 |
vulnerable | 2026-06-08 05:03:49.505770 |
Details available
The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.
Published: 2013-03-20T18:00:00.000Z
Updated: 2024-08-06T14:33:05.518Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-0715 |
vulnerable | 2026-06-08 05:03:49.505413 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-0714 |
vulnerable | 2026-06-08 05:03:49.505034 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-0713 |
vulnerable | 2026-06-08 05:03:49.504652 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-0712 |
vulnerable | 2026-06-08 05:03:49.504243 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-0711 |
vulnerable | 2026-06-08 05:03:49.503753 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.