Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:microsoft:windows_xp:-:sp2:~~embedded~~x86~
There are 1,198 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-7485

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1

Published: April 16, 2020; 3:15:34 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-7484

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Published: April 16, 2020; 3:15:34 PM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2020-7483

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Published: April 16, 2020; 3:15:34 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-5364

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

Published: February 20, 2020; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2012-5362

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.

Published: February 20, 2020; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2014-9748

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

Published: February 11, 2020; 12:15:11 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-14010

In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.

Published: April 26, 2018; 3:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-5457

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.

Published: February 06, 2018; 4:29:00 PM -0500
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

Published: June 22, 2017; 10:29:00 AM -0400
V3.0: 8.1 HIGH
V2.0: 9.3 HIGH
CVE-2017-8487

Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."

Published: June 15, 2017; 4:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2017-8461

Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."

Published: June 15, 2017; 4:29:00 PM -0400
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2010-4314

Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter.

Published: March 11, 2017; 1:59:00 AM -0500
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2015-1305

McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.

Published: February 06, 2015; 10:59:12 AM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-7286

Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

Published: December 22, 2014; 10:59:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-0317

The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."

Published: March 12, 2014; 1:15:19 AM -0400
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2013-3899

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."

Published: December 10, 2013; 7:55:03 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-3878

Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka "LRPC Client Buffer Overrun Vulnerability."

Published: December 10, 2013; 7:55:03 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2013-5065

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

Published: November 27, 2013; 7:55:04 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-3887

The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local users to obtain sensitive information from kernel memory by leveraging improper copy operations, aka "Ancillary Function Driver Information Disclosure Vulnerability."

Published: November 12, 2013; 7:55:02 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3894

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."

Published: October 09, 2013; 10:53:25 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH