Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

153501 entries

ID | Description | Priority | Modified date
CVE-2018-10862 WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. MEDIUM Jul 28, 2018
CVE-2017-3216 WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. HIGH Jun 19, 2017
CVE-2008-4986 wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts. Medium Nov 6, 2008
CVE-2022-23922 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. MEDIUM Feb 25, 2022
CVE-2022-23104 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. MEDIUM Feb 25, 2022
CVE-2008-6118 win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. High Feb 12, 2009
CVE-2022-24485 Win32 File Enumeration Remote Code Execution Vulnerability. -- Apr 15, 2022
CVE-2022-24534 Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983. -- Apr 15, 2022
CVE-2022-21983 Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534. -- Apr 15, 2022
CVE-2020-17038 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17010. HIGH Nov 12, 2020
CVE-2020-17010 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17038. HIGH Nov 12, 2020
CVE-2021-28310 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-27072. MEDIUM Apr 16, 2021
CVE-2021-27072 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-28310. MEDIUM Apr 15, 2021
CVE-2021-34516 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-34449. MEDIUM Jul 14, 2021
CVE-2021-34449 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-34516. MEDIUM Jul 17, 2021
CVE-2021-38639 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36975. MEDIUM Sep 15, 2021
CVE-2021-36975 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38639. MEDIUM Sep 15, 2021
CVE-2021-41357 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40449, CVE-2021-40450. MEDIUM Oct 13, 2021
CVE-2021-40450 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40449, CVE-2021-41357. MEDIUM Oct 13, 2021
CVE-2021-40449 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40450, CVE-2021-41357. MEDIUM Oct 13, 2021
CVE-2022-26914 Win32k Elevation of Privilege Vulnerability. -- Apr 15, 2022
CVE-2022-21996 Win32k Elevation of Privilege Vulnerability. -- Feb 9, 2022
CVE-2022-21887 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21882. -- Jan 12, 2022
CVE-2022-21882 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21887. -- Jan 12, 2022
CVE-2017-8580 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. MEDIUM Jul 11, 2017
CVE-2017-8578 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. HIGH Jul 11, 2017
CVE-2017-8581 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. LOW Jul 11, 2017
CVE-2017-8577 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. MEDIUM Jul 11, 2017
CVE-2021-34491 Win32k Information Disclosure Vulnerability. MEDIUM Jul 14, 2021
CVE-2020-17013 Win32k Information Disclosure Vulnerability. LOW Nov 12, 2020
CVE-2022-21876 Win32k Information Disclosure Vulnerability. -- Jan 13, 2022
CVE-2008-6819 win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information. Medium Jun 2, 2009
CVE-2009-3020 win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information. High Sep 1, 2009
CVE-2009-2514 win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka Win32k EOT Parsing Vulnerability. High Nov 17, 2009
CVE-2009-1127 win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka Win32k NULL Pointer Dereferencing Vulnerability. Medium Nov 17, 2009
CVE-2011-5046 win32k.sys in the kernel-mode drivers in Microsoft Windows 7 Professional 64-bit, when using Apple Safari, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a large height attribute in an IFRAME. High Jan 4, 2012
CVE-2014-0262 win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka Win32k Window Handle Vulnerability. High Feb 6, 2014
CVE-2013-3881 win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka Win32k NULL Page Vulnerability. High Oct 10, 2013
CVE-2015-2366 win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. HIGH Jul 14, 2015
CVE-2015-2382 win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka Win32k Information Disclosure Vulnerability, a different vulnerability than CVE-2015-2381. LOW Jul 14, 2015
CVE-2015-2381 win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka Win32k Information Disclosure Vulnerability, a different vulnerability than CVE-2015-2382. LOW Jul 14, 2015
CVE-2015-0078 win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate the token of a calling thread, which allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. High Mar 11, 2015
CVE-2015-1768 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka Win32k Memory Corruption Elevation of Privilege Vulnerability. High Jun 10, 2015
CVE-2015-2360 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka Win32k Elevation of Privilege Vulnerability. High Jun 10, 2015
CVE-2015-2365 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. HIGH Jul 14, 2015
CVE-2015-2367 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from uninitialized kernel memory via a crafted application, aka Win32k Information Disclosure Vulnerability. LOW Jul 14, 2015
CVE-2015-2363 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. HIGH Jul 14, 2015
CVE-2015-0003 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka Win32k Elevation of Privilege Vulnerability. Medium Feb 18, 2015
CVE-2015-0057 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. High Feb 18, 2015
CVE-2014-4113 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka Win32k.sys Elevation of Privilege Vulnerability. High Oct 16, 2014
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.