GCVE - cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*

part: o version: 7.0 update: -

Vendor	Windriver (`1c9d3e00-99c4-5be7-a4c6-5cc8709ef134`)
Product	Vxworks (`437ab3e0-0513-5f7d-b676-0a34e46c28dc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-38346`	vulnerable	2026-06-08 06:08:17.634117	Details available An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior. Published: 2023-09-22T00:00:00.000Z Updated: 2024-09-25T15:13:20.054Z Open on db.gcve.eu Reference links https://support2.windriver.com/index.php?page=security-notices https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/ https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-11440`	vulnerable	2026-06-08 05:16:47.193028	Details available httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. Published: 2020-07-23T13:59:12.000Z Updated: 2024-08-04T11:28:13.887Z Open on db.gcve.eu Reference links https://windriver.com https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-11440	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12265`	vulnerable	2026-06-08 05:12:38.849447	Details available Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. Published: 2019-08-09T18:14:23.000Z Updated: 2024-08-04T23:17:39.695Z Open on db.gcve.eu Reference links https://support2.windriver.com/index.php?page=security-notices https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://security.netapp.com/advisory/ntap-20190802-0001/ https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12263`	vulnerable	2026-06-08 05:12:38.835558	Details available Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. Published: 2019-08-09T18:10:00.000Z Updated: 2024-08-04T23:17:39.559Z Open on db.gcve.eu Reference links https://support2.windriver.com/index.php?page=security-notices https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://security.netapp.com/advisory/ntap-20190802-0001/ https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12261`	vulnerable	2026-06-08 05:12:38.819917	Details available Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. Published: 2019-08-09T20:27:25.000Z Updated: 2024-08-04T23:17:38.872Z Open on db.gcve.eu Reference links https://www.oracle.com/security-alerts/cpuoct2020.html https://support2.windriver.com/index.php?page=security-notices https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf https://security.netapp.com/advisory/ntap-20190802-0001/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12260`	vulnerable	2026-06-08 05:12:38.811977	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12259`	vulnerable	2026-06-08 05:12:38.800211	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12258`	vulnerable	2026-06-08 05:12:38.797862	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.