The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-10862 | WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. | MEDIUM | Jul 28, 2018 |
CVE-2017-3216 | WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | HIGH | Jun 19, 2017 |
CVE-2008-4986 | wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts. | Medium | Nov 6, 2008 |
CVE-2022-23922 | WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | MEDIUM | Feb 25, 2022 |
CVE-2022-23104 | WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. | MEDIUM | Feb 25, 2022 |
CVE-2008-6118 | win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. | High | Feb 12, 2009 |
CVE-2022-24485 | Win32 File Enumeration Remote Code Execution Vulnerability. | -- | Apr 15, 2022 |
CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983. | -- | Apr 15, 2022 |
CVE-2022-21983 | Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534. | -- | Apr 15, 2022 |
CVE-2020-17038 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17010. | HIGH | Nov 12, 2020 |
CVE-2020-17010 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17038. | HIGH | Nov 12, 2020 |
CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-27072. | MEDIUM | Apr 16, 2021 |
CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-28310. | MEDIUM | Apr 15, 2021 |
CVE-2021-34516 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-34449. | MEDIUM | Jul 14, 2021 |
CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-34516. | MEDIUM | Jul 17, 2021 |
CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36975. | MEDIUM | Sep 15, 2021 |
CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38639. | MEDIUM | Sep 15, 2021 |
CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40449, CVE-2021-40450. | MEDIUM | Oct 13, 2021 |
CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40449, CVE-2021-41357. | MEDIUM | Oct 13, 2021 |
CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40450, CVE-2021-41357. | MEDIUM | Oct 13, 2021 |
CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability. | -- | Apr 15, 2022 |
CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability. | -- | Feb 9, 2022 |
CVE-2022-21887 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21882. | -- | Jan 12, 2022 |
CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21887. | -- | Jan 12, 2022 |
CVE-2017-8580 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. | MEDIUM | Jul 11, 2017 |
CVE-2017-8578 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | HIGH | Jul 11, 2017 |
CVE-2017-8581 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. | LOW | Jul 11, 2017 |
CVE-2017-8577 | Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | MEDIUM | Jul 11, 2017 |
CVE-2021-34491 | Win32k Information Disclosure Vulnerability | MEDIUM | Jul 14, 2021 |
CVE-2020-17013 | Win32k Information Disclosure Vulnerability | LOW | Nov 12, 2020 |
CVE-2022-21876 | Win32k Information Disclosure Vulnerability. | -- | Jan 13, 2022 |
CVE-2008-6819 | win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information. | Medium | Jun 2, 2009 |
CVE-2009-3020 | win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information. | High | Sep 1, 2009 |
CVE-2009-2514 | win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka Win32k EOT Parsing Vulnerability. | High | Nov 17, 2009 |
CVE-2009-1127 | win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka Win32k NULL Pointer Dereferencing Vulnerability. | Medium | Nov 17, 2009 |
CVE-2011-5046 | win32k.sys in the kernel-mode drivers in Microsoft Windows 7 Professional 64-bit, when using Apple Safari, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a large height attribute in an IFRAME. | High | Jan 4, 2012 |
CVE-2014-0262 | win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka Win32k Window Handle Vulnerability. | High | Feb 6, 2014 |
CVE-2013-3881 | win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka Win32k NULL Page Vulnerability. | High | Oct 10, 2013 |
CVE-2015-2366 | win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. | HIGH | Jul 14, 2015 |
CVE-2015-2382 | win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka Win32k Information Disclosure Vulnerability, a different vulnerability than CVE-2015-2381. | LOW | Jul 14, 2015 |
CVE-2015-2381 | win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka Win32k Information Disclosure Vulnerability, a different vulnerability than CVE-2015-2382. | LOW | Jul 14, 2015 |
CVE-2015-0078 | win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate the token of a calling thread, which allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. | High | Mar 11, 2015 |
CVE-2015-1768 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka Win32k Memory Corruption Elevation of Privilege Vulnerability. | High | Jun 10, 2015 |
CVE-2015-2360 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka Win32k Elevation of Privilege Vulnerability. | High | Jun 10, 2015 |
CVE-2015-2365 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. | HIGH | Jul 14, 2015 |
CVE-2015-2367 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from uninitialized kernel memory via a crafted application, aka Win32k Information Disclosure Vulnerability. | LOW | Jul 14, 2015 |
CVE-2015-2363 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. | HIGH | Jul 14, 2015 |
CVE-2015-0003 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka Win32k Elevation of Privilege Vulnerability. | Medium | Feb 18, 2015 |
CVE-2015-0057 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. | High | Feb 18, 2015 |
CVE-2014-4113 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka Win32k.sys Elevation of Privilege Vulnerability. | High | Oct 16, 2014 |