<´╗┐img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=112631&fmt=gif" />


Wind River is committed to active threat monitoring, rapid assessment, proactive customer notification, and timely fixes. This page brings together useful resources to help you navigate an evolving threat landscape.

cve Resources

Access our searchable database of Common Vulnerabilities and Exposures (CVEs).

Search the database

Recent CVEs

  • CVE-2018-8847 | 2018-07-14

    Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.

  • CVE-2018-6969 | 2018-07-14

    VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.

  • CVE-2018-5738 | 2018-07-14

    BIND was found to not properly handle certain configuration options, unintentionally permiting all clients to perform recursive queries. This occurs when recursion yes; is in effect and no match list values are provided for allow-query-cache or allow-query for the setting of allow-recursion to inherit a setting of all hosts from the allow-query setting default.

  • CVE-2018-5737 | 2018-07-14

    BIND versions 9.12.0 and 9.12.1 are vulnerable to problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or an assertion failure resulting in termination of the named process.


Find and access all of
our patches at the
Knowledge Library

public release keys

Wind River protocol includes the use of PGP keys to sign our software. Use this public release key to sign content from your project:


Vulnerability Notices

Wind River® is committed to active threat monitoring, rapid assessment and prioritization, proactive customer notification, and timely fixes. Check out the remediation information on some of the latest security vulnerabilities.


If you have information about a security issue or vulnerability with a Wind River product or technology, please send an email to security-alert@windriver.com.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

A member of the Wind River security team will review your email and work with you in resolving the issue.