U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_xp:-:gold:embedded:*:*:*:*:*
  • CPE Name Search: true
There are 253 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-7485

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1

Published: April 16, 2020; 3:15:34 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-7484

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Published: April 16, 2020; 3:15:34 PM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2020-7483

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Published: April 16, 2020; 3:15:34 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-5364

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

Published: February 20, 2020; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2012-5362

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.

Published: February 20, 2020; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2014-9748

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

Published: February 11, 2020; 12:15:11 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-14010

In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.

Published: April 26, 2018; 3:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-5457

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.

Published: February 06, 2018; 4:29:00 PM -0500
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

Published: June 22, 2017; 10:29:00 AM -0400
V3.0: 8.1 HIGH
V2.0: 9.3 HIGH
CVE-2017-8487

Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."

Published: June 15, 2017; 4:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2017-8461

Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."

Published: June 15, 2017; 4:29:00 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2010-4314

Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter.

Published: March 11, 2017; 1:59:00 AM -0500
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2015-1305

McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.

Published: February 06, 2015; 10:59:12 AM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-7286

Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

Published: December 22, 2014; 10:59:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-3956

The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.

Published: July 31, 2013; 9:20:28 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-3697

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.

Published: July 31, 2013; 9:20:28 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-1014

Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

Published: May 20, 2013; 10:44:35 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1011

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:35 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-1010

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:35 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-1008

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:35 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH