The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2021 | n/a |
| CVE-2020-17038 | Win32k Elevation of Privilege Vulnerability | HIGH | Nov 12, 2020 | n/a |
| CVE-2020-17010 | Win32k Elevation of Privilege Vulnerability | HIGH | Nov 12, 2020 | n/a |
| CVE-2017-8580 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. | MEDIUM | Jul 11, 2017 | n/a |
| CVE-2017-8578 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | HIGH | Jul 11, 2017 | n/a |
| CVE-2017-8581 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. | LOW | Jul 11, 2017 | n/a |
| CVE-2017-8577 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | MEDIUM | Jul 11, 2017 | n/a |
| CVE-2022-21876 | Win32k Information Disclosure Vulnerability | MEDIUM | Jan 13, 2022 | n/a |
| CVE-2021-34491 | Win32k Information Disclosure Vulnerability | MEDIUM | Jul 14, 2021 | n/a |
| CVE-2020-17013 | Win32k Information Disclosure Vulnerability | LOW | Nov 12, 2020 | n/a |
| CVE-2013-4695 | Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution | MEDIUM | Jan 4, 2020 | n/a |
| CVE-2017-10725 | Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8. | Medium | Jul 7, 2017 | n/a |
| CVE-2017-10727 | Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f. | MEDIUM | Jul 5, 2017 | n/a |
| CVE-2017-10726 | Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Data from Faulting Address may be used as a return value starting at f263!GetWinamp5SystemComponent+0x0000000000001951. | MEDIUM | Jul 5, 2017 | n/a |
| CVE-2017-10728 | Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d. | MEDIUM | Jul 5, 2017 | n/a |
| CVE-2017-16951 | Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file. | MEDIUM | Nov 28, 2017 | n/a |
| CVE-2019-12265 | Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. | MEDIUM | Aug 19, 2019 | SR0540,SR0620 (VxWorks 7) |
| CVE-2019-12257 | Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. | MEDIUM | Aug 11, 2019 | n/a |
| CVE-2019-12258 | Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. | MEDIUM | Aug 11, 2019 | SR0540,SR0620 (VxWorks 7) |
| CVE-2019-12262 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). | HIGH | Aug 29, 2019 | SR0540,SR0620 (VxWorks 7) |
| CVE-2019-12259 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | MEDIUM | Aug 11, 2019 | SR0540,SR0620 (VxWorks 7) |
| CVE-2019-12264 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. | MEDIUM | Aug 16, 2019 | SR0540,SR0620 (VxWorks 7) |
| CVE-2019-12261 | Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. | HIGH | Aug 19, 2019 | SR0540,SR0620 (VxWorks 7) |
| CVE-2019-12256 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. | HIGH | Aug 11, 2019 | SR0541,SR0620 (VxWorks 7) |
| CVE-2019-12260 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. | HIGH | Aug 19, 2019 | SR0540,SR0620 (VxWorks 7) |
| CVE-2019-12263 | Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | MEDIUM | Aug 19, 2019 | SR0540,SR0620 (VxWorks 7) |
| CVE-2015-3963 | Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | LOW | Aug 5, 2015 | ipnet_coreip-1.2.2.0 (VxWorks 7) |
| CVE-2019-12255 | Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. | HIGH | Aug 11, 2019 | n/a |
| CVE-2017-16220 | wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. | MEDIUM | Jun 6, 2018 | n/a |
| CVE-2017-7894 | WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file, because of a User Mode Write AV near NULL in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several zoom in (e.g., Ctrl + Plus) commands. | MEDIUM | Jul 5, 2017 | n/a |
| CVE-2023-28223 | Windows Domain Name Service Remote Code Execution Vulnerability | -- | Apr 11, 2023 | n/a |
| CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability | LOW | Jan 12, 2021 | n/a |
| CVE-2017-8584 | Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka HoloLens Remote Code Execution Vulnerability. | HIGH | Jul 11, 2017 | n/a |
| CVE-2018-12368 | Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the Mark of the Web. Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | HIGH | Oct 18, 2018 | n/a |
| CVE-2021-43211 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | MEDIUM | Nov 24, 2021 | n/a |
| CVE-2021-42297 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | MEDIUM | Nov 24, 2021 | n/a |
| CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | HIGH | Mar 11, 2021 | n/a |
| CVE-2018-0828 | Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka Windows Elevation of Privilege Vulnerability. | MEDIUM | Feb 15, 2018 | n/a |
| CVE-2018-1276 | Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials. | MEDIUM | May 17, 2018 | n/a |
| CVE-2022-28766 | Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. | -- | Nov 18, 2022 | n/a |
| CVE-2023-34367 | Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue. | -- | Jun 14, 2023 | n/a |
| CVE-2017-11885 | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka Windows RRAS Service Remote Code Execution Vulnerability. | HIGH | Dec 12, 2017 | n/a |
| CVE-2018-0842 | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka Windows Kernel Elevation of Privilege Vulnerability. | MEDIUM | Feb 15, 2018 | n/a |
| CVE-2017-11927 | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka Microsoft Windows Information Disclosure Vulnerability. | MEDIUM | Dec 12, 2017 | n/a |
| CVE-2018-0753 | Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka Windows IPSec Denial of Service Vulnerability. | HIGH | Jan 4, 2018 | n/a |
| CVE-2022-21859 | Windows Accounts Control Elevation of Privilege Vulnerability | MEDIUM | Jan 14, 2022 | n/a |
| CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | -- | Mar 14, 2023 | n/a |
| CVE-2023-35351 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | -- | Jul 11, 2023 | n/a |
| CVE-2023-35350 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | -- | Jul 11, 2023 | n/a |
