The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | -- | Jan 11, 2023 | n/a |
| CVE-2022-41109 | Windows Win32k Elevation of Privilege Vulnerability | -- | Nov 10, 2022 | n/a |
| CVE-2022-41092 | Windows Win32k Elevation of Privilege Vulnerability | -- | Nov 10, 2022 | n/a |
| CVE-2022-37986 | Windows Win32k Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-24542 | Windows Win32k Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 | n/a |
| CVE-2022-24474 | Windows Win32k Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 | n/a |
| CVE-2021-26863 | Windows Win32k Elevation of Privilege Vulnerability | HIGH | Mar 13, 2021 | n/a |
| CVE-2021-26900 | Windows Win32k Elevation of Privilege Vulnerability | HIGH | Mar 11, 2021 | n/a |
| CVE-2021-26875 | Windows Win32k Elevation of Privilege Vulnerability | MEDIUM | Mar 11, 2021 | n/a |
| CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability | HIGH | Mar 11, 2021 | n/a |
| CVE-2021-1698 | Windows Win32k Elevation of Privilege Vulnerability | MEDIUM | Feb 26, 2021 | n/a |
| CVE-2021-1732 | Windows Win32k Elevation of Privilege Vulnerability | MEDIUM | Feb 26, 2021 | n/a |
| CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability | HIGH | Jan 12, 2021 | n/a |
| CVE-2020-17057 | Windows Win32k Elevation of Privilege Vulnerability | HIGH | Nov 12, 2020 | n/a |
| CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability. | -- | Aug 12, 2022 | n/a |
| CVE-2023-36905 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | -- | Aug 8, 2023 | n/a |
| CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability | LOW | May 11, 2022 | n/a |
| CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | LOW | May 11, 2022 | n/a |
| CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | HIGH | Sep 15, 2021 | n/a |
| CVE-2021-28316 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | LOW | Apr 15, 2021 | n/a |
| CVE-2022-37984 | Windows WLAN Service Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability | HIGH | Jan 15, 2021 | n/a |
| CVE-2022-26807 | Windows Work Folder Service Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 | n/a |
| CVE-2021-25749 | Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | -- | Sep 16, 2022 | n/a |
| CVE-2022-38034 | Windows Workstation Service Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2017-16003 | windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | HIGH | May 29, 2018 | n/a |
| CVE-2016-10696 | windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | HIGH | Jun 4, 2018 | n/a |
| CVE-2016-10687 | windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | HIGH | Jun 4, 2018 | n/a |
| CVE-2016-10691 | windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | HIGH | Jun 4, 2018 | n/a |
| CVE-2016-10670 | windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | HIGH | Jun 4, 2018 | n/a |
| CVE-2022-22045 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability | MEDIUM | Jul 16, 2022 | n/a |
| CVE-2016-4710 | WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage type confusion, a different vulnerability than CVE-2016-4709. | HIGH | Sep 26, 2016 | n/a |
| CVE-2016-4709 | WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage type confusion, a different vulnerability than CVE-2016-4710. | HIGH | Sep 26, 2016 | n/a |
| CVE-2014-1314 | WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. | High | Apr 24, 2014 | n/a |
| CVE-2018-10071 | windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953826DB DeviceIoControl call. | MEDIUM | Apr 12, 2018 | n/a |
| CVE-2018-10072 | windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf DeviceIoControl call. | MEDIUM | Apr 12, 2018 | n/a |
| CVE-2018-9136 | windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821. | HIGH | Mar 30, 2018 | n/a |
| CVE-2018-8821 | windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file. | HIGH | Mar 20, 2018 | n/a |
| CVE-2018-11334 | Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.pipeWindscribeService. | MEDIUM | May 23, 2018 | n/a |
| CVE-2013-7473 | Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | MEDIUM | Aug 6, 2019 | n/a |
| CVE-2013-7474 | Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | MEDIUM | Aug 6, 2019 | n/a |
| CVE-2009-0313 | winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file. | Medium | Jan 28, 2009 | n/a |
| CVE-2016-0047 | WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka Windows Forms Information Disclosure Vulnerability. | MEDIUM | Feb 10, 2016 | n/a |
| CVE-2008-5666 | WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid NLST -1 command. | Low | Dec 25, 2008 | n/a |
| CVE-2012-4729 | Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands. | Medium | Oct 26, 2012 | n/a |
| CVE-2020-8634 | Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root. | HIGH | Mar 9, 2020 | n/a |
| CVE-2020-8635 | Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files. | HIGH | Mar 9, 2020 | n/a |
| CVE-2020-13866 | WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | HIGH | Jun 8, 2020 | n/a |
| CVE-2023-25152 | Wings is Pterodactyl\'s server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing server allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. ### Workarounds None at this time. | -- | Feb 9, 2023 | n/a |
