<´╗┐img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=112631&fmt=gif" />


Wind River is committed to active threat monitoring, rapid assessment, proactive customer notification, and timely fixes. This page brings together useful resources to help you navigate an evolving threat landscape.

cve Resources

Access our searchable database of Common Vulnerabilities and Exposures (CVEs).

Search the database

Recent CVEs

  • CVE-2016-4975 | 2018-08-14

    Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the Location or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

  • CVE-2018-0131 | 2018-08-14

    A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.

  • CVE-2018-12537 | 2018-08-14

    In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.

  • CVE-2018-12539 | 2018-08-14

    In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.

CVE Stats

  • Fixed in past 30 days: 14
  • Fixed in past 90 days: 111
  • Fixed in past 12 months: 948


Find and access all of
our patches at the
Knowledge Library

public release keys

Wind River protocol includes the use of PGP keys to sign our software. Use this public release key to sign content from your project:


Vulnerability Notices

Wind River® is committed to active threat monitoring, rapid assessment and prioritization, proactive customer notification, and timely fixes. Check out the remediation information on some of the latest security vulnerabilities.


If you have information about a security issue or vulnerability with a Wind River product or technology, please send an email to security-alert@windriver.com.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

A member of the Wind River security team will review your email and work with you in resolving the issue.