<´╗┐img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=112631&fmt=gif" />

WIND RIVER SECURITY CENTER

Wind River is committed to active threat monitoring, rapid assessment, proactive customer notification, and timely fixes. This page brings together useful resources to help you navigate an evolving threat landscape.

cve Resources

Access our searchable database of Common Vulnerabilities and Exposures (CVEs).

Search the database

Recent CVEs

  • CVE-2017-2635 | 2018-07-30

    A NULL pointer dereference vulnerability was found in virStorageSourceUpdateBlockPhysicalSize when attempted to call on empty drives. Unprivileged local user can trigger this bug to crash libvirtd.

  • CVE-2018-10903 | 2018-07-30

    A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

  • CVE-2018-13280 | 2018-07-30

    Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.

  • CVE-2016-9597 | 2018-07-30

    It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

CVE Stats

  • Fixed in past 30 days: 0
  • Fixed in past 90 days: 85
  • Fixed in past 12 months: 917

SEARCH FOR PATCHES

Find and access all of
our patches at the
Knowledge Library

public release keys

Wind River protocol includes the use of PGP keys to sign our software. Use this public release key to sign content from your project:

Linux

Vulnerability Notices

Wind River® is committed to active threat monitoring, rapid assessment and prioritization, proactive customer notification, and timely fixes. Check out the remediation information on some of the latest security vulnerabilities.

REPORT A VULNERABILITY

If you have information about a security issue or vulnerability with a Wind River product or technology, please send an email to security-alert@windriver.com.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

A member of the Wind River security team will review your email and work with you in resolving the issue.

RELATED RESOURCES