Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

175431 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2023-29336 Win32k Elevation of Privilege Vulnerability -- May 9, 2023 n/a
CVE-2023-24902 Win32k Elevation of Privilege Vulnerability -- May 9, 2023 n/a
CVE-2023-24914 Win32k Elevation of Privilege Vulnerability -- Apr 11, 2023 n/a
CVE-2022-38050 Win32k Elevation of Privilege Vulnerability -- Oct 13, 2022 n/a
CVE-2022-26914 Win32k Elevation of Privilege Vulnerability MEDIUM Apr 15, 2022 n/a
CVE-2022-21996 Win32k Elevation of Privilege Vulnerability HIGH Feb 9, 2022 n/a
CVE-2022-21887 Win32k Elevation of Privilege Vulnerability HIGH Jan 12, 2022 n/a
CVE-2022-21882 Win32k Elevation of Privilege Vulnerability HIGH Jan 12, 2022 n/a
CVE-2021-41357 Win32k Elevation of Privilege Vulnerability MEDIUM Oct 13, 2021 n/a
CVE-2021-40450 Win32k Elevation of Privilege Vulnerability MEDIUM Oct 13, 2021 n/a
CVE-2021-40449 Win32k Elevation of Privilege Vulnerability MEDIUM Oct 13, 2021 n/a
CVE-2021-38639 Win32k Elevation of Privilege Vulnerability MEDIUM Sep 15, 2021 n/a
CVE-2021-36975 Win32k Elevation of Privilege Vulnerability MEDIUM Sep 15, 2021 n/a
CVE-2021-34516 Win32k Elevation of Privilege Vulnerability MEDIUM Jul 14, 2021 n/a
CVE-2021-34449 Win32k Elevation of Privilege Vulnerability MEDIUM Jul 17, 2021 n/a
CVE-2021-28310 Win32k Elevation of Privilege Vulnerability MEDIUM Apr 16, 2021 n/a
CVE-2021-27072 Win32k Elevation of Privilege Vulnerability MEDIUM Apr 15, 2021 n/a
CVE-2020-17038 Win32k Elevation of Privilege Vulnerability HIGH Nov 12, 2020 n/a
CVE-2020-17010 Win32k Elevation of Privilege Vulnerability HIGH Nov 12, 2020 n/a
CVE-2017-8580 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. MEDIUM Jul 11, 2017 n/a
CVE-2017-8578 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. HIGH Jul 11, 2017 n/a
CVE-2017-8581 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. LOW Jul 11, 2017 n/a
CVE-2017-8577 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. MEDIUM Jul 11, 2017 n/a
CVE-2022-21876 Win32k Information Disclosure Vulnerability MEDIUM Jan 13, 2022 n/a
CVE-2021-34491 Win32k Information Disclosure Vulnerability MEDIUM Jul 14, 2021 n/a
CVE-2020-17013 Win32k Information Disclosure Vulnerability LOW Nov 12, 2020 n/a
CVE-2013-4695 Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution MEDIUM Jan 4, 2020 n/a
CVE-2017-10725 Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8. MEDIUM Jul 7, 2017 n/a
CVE-2017-10727 Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f. MEDIUM Jul 5, 2017 n/a
CVE-2017-10726 Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Data from Faulting Address may be used as a return value starting at f263!GetWinamp5SystemComponent+0x0000000000001951. MEDIUM Jul 5, 2017 n/a
CVE-2017-10728 Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d. MEDIUM Jul 5, 2017 n/a
CVE-2017-16951 Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file. MEDIUM Nov 28, 2017 n/a
CVE-2019-12265 Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. MEDIUM Aug 19, 2019 SR0540,SR0620 (VxWorks 7)
CVE-2019-12257 Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. MEDIUM Aug 11, 2019 n/a
CVE-2019-12258 Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options. MEDIUM Aug 11, 2019 SR0540,SR0620 (VxWorks 7)
CVE-2019-12262 Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). HIGH Aug 29, 2019 SR0540,SR0620 (VxWorks 7)
CVE-2019-12259 Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. MEDIUM Aug 11, 2019 SR0540,SR0620 (VxWorks 7)
CVE-2019-12264 Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. MEDIUM Aug 16, 2019 SR0540,SR0620 (VxWorks 7)
CVE-2019-12261 Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. HIGH Aug 19, 2019 SR0540,SR0620 (VxWorks 7)
CVE-2019-12256 Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. HIGH Aug 11, 2019 SR0541,SR0620 (VxWorks 7)
CVE-2019-12260 Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. HIGH Aug 19, 2019 SR0540,SR0620 (VxWorks 7)
CVE-2019-12263 Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. MEDIUM Aug 19, 2019 SR0540,SR0620 (VxWorks 7)
CVE-2015-3963 Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. LOW Aug 5, 2015 ipnet_coreip-1.2.2.0 (VxWorks 7)
CVE-2019-12255 Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. HIGH Aug 11, 2019 n/a
CVE-2017-16220 wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. MEDIUM Jun 6, 2018 n/a
CVE-2017-7894 WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file, because of a User Mode Write AV near NULL in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several zoom in (e.g., Ctrl + Plus) commands. MEDIUM Jul 5, 2017 n/a
CVE-2023-28223 Windows Domain Name Service Remote Code Execution Vulnerability -- Apr 11, 2023 n/a
CVE-2021-1699 Windows (modem.sys) Information Disclosure Vulnerability LOW Jan 12, 2021 n/a
CVE-2017-8584 Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka HoloLens Remote Code Execution Vulnerability. HIGH Jul 11, 2017 n/a
CVE-2018-12368 Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the Mark of the Web. Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. HIGH Oct 18, 2018 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.