The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability | HIGH | Feb 9, 2022 |
CVE-2022-21887 | Win32k Elevation of Privilege Vulnerability | HIGH | Jan 12, 2022 |
CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability | HIGH | Jan 12, 2022 |
CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Oct 13, 2021 |
CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Oct 13, 2021 |
CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Oct 13, 2021 |
CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 |
CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 |
CVE-2021-34516 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Jul 14, 2021 |
CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Jul 17, 2021 |
CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Apr 16, 2021 |
CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2021 |
CVE-2020-17038 | Win32k Elevation of Privilege Vulnerability | HIGH | Nov 12, 2020 |
CVE-2020-17010 | Win32k Elevation of Privilege Vulnerability | HIGH | Nov 12, 2020 |
CVE-2017-8580 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. | MEDIUM | Jul 11, 2017 |
CVE-2017-8578 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | HIGH | Jul 11, 2017 |
CVE-2017-8581 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. | LOW | Jul 11, 2017 |
CVE-2017-8577 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | MEDIUM | Jul 11, 2017 |
CVE-2022-21876 | Win32k Information Disclosure Vulnerability | MEDIUM | Jan 13, 2022 |
CVE-2021-34491 | Win32k Information Disclosure Vulnerability | MEDIUM | Jul 14, 2021 |
CVE-2020-17013 | Win32k Information Disclosure Vulnerability | LOW | Nov 12, 2020 |
CVE-2013-4695 | Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution | MEDIUM | Jan 4, 2020 |
CVE-2017-10725 | Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8. | Medium | Jul 7, 2017 |
CVE-2017-10727 | Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f. | MEDIUM | Jul 5, 2017 |
CVE-2017-10726 | Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Data from Faulting Address may be used as a return value starting at f263!GetWinamp5SystemComponent+0x0000000000001951. | MEDIUM | Jul 5, 2017 |
CVE-2017-10728 | Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d. | MEDIUM | Jul 5, 2017 |
CVE-2017-16951 | Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file. | MEDIUM | Nov 28, 2017 |
CVE-2019-12265 | Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. | MEDIUM | Aug 19, 2019 |
CVE-2019-12257 | Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. | MEDIUM | Aug 11, 2019 |
CVE-2019-12258 | Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. | MEDIUM | Aug 11, 2019 |
CVE-2019-12262 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). | HIGH | Aug 29, 2019 |
CVE-2019-12259 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | MEDIUM | Aug 11, 2019 |
CVE-2019-12264 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. | MEDIUM | Aug 16, 2019 |
CVE-2019-12261 | Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. | HIGH | Aug 19, 2019 |
CVE-2019-12256 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. | HIGH | Aug 11, 2019 |
CVE-2019-12260 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. | HIGH | Aug 19, 2019 |
CVE-2019-12263 | Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | MEDIUM | Aug 19, 2019 |
CVE-2015-3963 | Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | LOW | Aug 5, 2015 |
CVE-2019-12255 | Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. | HIGH | Aug 11, 2019 |
CVE-2017-16220 | wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. | MEDIUM | Jun 6, 2018 |
CVE-2017-7894 | WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file, because of a User Mode Write AV near NULL in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several zoom in (e.g., Ctrl + Plus) commands. | MEDIUM | Jul 5, 2017 |
CVE-2023-28223 | Windows Domain Name Service Remote Code Execution Vulnerability | -- | Apr 11, 2023 |
CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability | LOW | Jan 12, 2021 |
CVE-2017-8584 | Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka HoloLens Remote Code Execution Vulnerability. | HIGH | Jul 11, 2017 |
CVE-2018-12368 | Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the Mark of the Web. Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | HIGH | Oct 18, 2018 |
CVE-2021-43211 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | MEDIUM | Nov 24, 2021 |
CVE-2021-42297 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | MEDIUM | Nov 24, 2021 |
CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | MEDIUM | Aug 12, 2021 |
CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | HIGH | Mar 11, 2021 |
CVE-2018-0828 | Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka Windows Elevation of Privilege Vulnerability. | MEDIUM | Feb 15, 2018 |